设为首页收藏本站--- 驰名中外的国际土木工程技术交流平台!

东南西北人

{block slist['portal']}
  • 文章
  • {/block}{block slist['blog']}
  • 日志
  • {/block}{block slist['album']}
  • 相册
  • {/block}{block slist['group']}
  • 群组
  • {/block}
    总共8822条微博

    动态微博

    本站帖子精华之精华汇总 Best of the Best英语口语、听力、翻译、考试学习经验交流与探讨1000多土木工程类行业软件、计算表格和计算工具免费下载东南西北人网站QQ精英群 QQ189615688
    中国土木工程师手册(上中下)东南西北人英文资料走马观花500多专业手册、工程手册100多个专业词典大汇总
    如何获取积分和金币?精彩施工和土木工程技术视频东南西北人英汉对照资料汇总各版块精彩讨论贴汇总!
    查看: 1261|回复: 4

    China's Filtering Software Contains Pirated Code

    [复制链接]
    鲜花(38) 鸡蛋(0)
    hll2118 发表于 2009-6-13 21:42:44 | 显示全部楼层 |阅读模式
    { or ''}
    本帖最后由 三T上人 于 2016-7-22 11:30 编辑 <br /><br />"We've been talking with them since the report came out yesterday," Halderman said in an interview.
    To Halderman, the Green Dam software presents two fundamental problemsne, that the software contains vulnerabilities that would allow othersto spy on the activities of those who use it; and second, that it mightcontain code stolen from another manufacturer. The Chinese developer ofthe Green Dam software appears to have accidentally created thevulnerabilities, Halderman said, rather than being a deliberate attemptto allow government agencies to monitor its citizens online.
    "If we apply reasoning to this, we would conclude that the governmentwants a backdoor it could access, and others could not," Haldermansaid.
    Version 3.17 of the Green Dam software appears to contain both thereferences to the blacklists as well as the allegedly stolen code. Butthe software is also being frequently updated, and the most recentpatch, applied Thursday, appears to eliminate many of the blacklistreferences to Solid Oak, Halderman said.
    "I think the bottom line is that the Chinese government is trying toroll out the software without doing their due diligence," Haldermansaid. "Clearly, there needs to be more time to evaluate the softwareboth in terms of legality and in terms of security before it is rolledout on a widespread basis."
    That was small consolation to Solid Oak's Milburn, who said that he hadreceived an anonymous email sent to a broadcast address at the siteFriday morning alerting the company that Green Dam was using Solid Oakcode. He dismissed it, thinking it was a hoax. But another employeeresearched it and found that the allegation was indeed true, and thatboth URLs and other Solid Oak code, including DLL files, were part ofGreen Dam. After doing a bit of research he found the U. of Michiganpaper and contacted Halderman.
    "From the stuff they've posted, I'm 100 percent certain they're usingour proprietary code," Milburn said, who said he wasn't certain howmuch of the code was reverse-engineered or simply stolen.
    "We're still trying to do the detective work here," Milburn said.
    At press time, Solid Oak had determined that the filtering engine orparts of it on lower level had been decompiled, using certainproprietary methods. Solid Oak doesn't ship a Chinese-language versionof CyberSitter. But, Milburn said, "the words a user sees on the screenare almost identical to ours."
    According to Milburn, the company spent Friday trying to determine whatits options were, and what avenues it could pursue to try and preventits code from being misused.
    According to The New York Times,PC OEMs were blindsided by the Green Dam requirement, and have tried tofigure out how they could add the software to their production linesjust six weeks before the mandate was scheduled to take place. Dell,Hewlett-Packard, and other OEMs would be required to add the softwareto their PC distributions.
    But would they if it contributed to software piracy? "To my mind,[shipping Green Dam] would make the PC manufacturers an accessory afterthe fact to software piracy," Milburn said. "I would think that the PCmanufacturers wouldn't want to do that if I were in their position."
    "We haven't had any opportunity to explore our options," Milburn said."At the very minimum, I believe we would pursue some sort ofinjunction."
    Theoretically, this could place PC OEMs wishing to do business in Chinawith a nearly impossible choice: face the threat of an injunction orsuits within the United States, risk angering the Chinese government byremoving the Green Dam software, or halt PC sales into Chinaaltogether. Representatives at Hewlett-Packard and Dell were unable tobe reached for comment by press time.
    This isn't the first time Solid Oak's code has been stolen, Milburnsaid. In the late 1990s, hackers reverse-engineered CyberSitter, whichprevents underage children from accessing pornography or other adultcontent, to allow users to access such content.
    The hackers, as well as other detractors, have previously accused SolidOak and CyberSitter of censoring the Internet. "That's why we don'twant to be associated with it," Milburn said of Green Dam.
    Moreover, potentially millions of Chinese PC users could hit SolidOak's servers for updates, causing them huge fees for the additionalbandwidth costs the company would be charged for.
    One obvious solution to the problem would be to block access to China,a move that would also cut off a number of American schools in China,including missionary schools, that use the software as a legitimatemeans of preventing children from accessing the adult content. Someorganizations with satellite offices in Singapore, Korea, or otherSouth Asian countries might also be affected.
    "They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.

    SOSO.CC
    { or ''}
    鲜花(2) 鸡蛋(0)
    Wendy 发表于 2022-3-30 22:51:01 | 显示全部楼层
    鲜花(27) 鸡蛋(0)
    abuhan 发表于 2022-5-17 03:50:34 | 显示全部楼层
    { or ''}
    { or ''}
    鲜花(27) 鸡蛋(0)
    abuhan 发表于 2022-7-28 19:30:32 | 显示全部楼层
    { or ''}
    { or ''}
    鲜花(27) 鸡蛋(0)
    abuhan 发表于 2022-11-16 21:23:57 | 显示全部楼层
    { or ''}
    { or ''}
    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    QQ|关于我们|QQ即时充值|站点统计|手机版|小黑屋|百宝箱|留言|咨询|微信订阅|QQ189615688|东南西北人

    GMT+8, 2024-3-29 07:24 , Processed in 0.075665 second(s), 34 queries .

    Powered by Discuz! X3.4

    !copyright!

    快速回复 返回顶部 返回列表