This post was last edited by 三T上人 on 2016-7-22 11:30

"We've been talking with them since the report came out yesterday," Halderman said in an interview.
To Halderman, the Green Dam software presents two fundamental problems: one, that the software contains vulnerabilities that would allow others to spy on the activities of those who use it; and second, that it might contain code stolen from another manufacturer. The Chinese developer of the Green Dam software appears to have created the vulnerabilities accidentally, Halderman said, rather than in a deliberate attempt to allow government agencies to monitor citizens online.
"If we apply reasoning to this, we would conclude that the government wants a backdoor it could access, and others could not," Halderman said.
Version 3.17 of the Green Dam software appears to contain both the references to the blacklists as well as the allegedly stolen code. But the software is also being frequently updated, and the most recent patch, applied Thursday, appears to eliminate many of the blacklist references to Solid Oak, Halderman said.
"I think the bottom line is that the Chinese government is trying to roll out the software without doing their due diligence," Halderman said. "Clearly, there needs to be more time to evaluate the software both in terms of legality and in terms of security before it is rolled out on a widespread basis."
That was small consolation to Solid Oak's Milburn, who said that he had received an anonymous email sent to a broadcast address at the site Friday morning alerting the company that Green Dam was using Solid Oak code. He dismissed it, thinking it was a hoax. But another employee researched it and found that the allegation was indeed true, and that both URLs and other Solid Oak code, including DLL files, were part of Green Dam. After doing a bit of research he found the U. of Michigan paper and contacted Halderman.
"From the stuff they've posted, I'm 100 percent certain they're using our proprietary code," said Milburn, who added that he wasn't certain how much of the code was reverse-engineered or simply stolen.
"We're still trying to do the detective work here," Milburn said.
At press time, Solid Oak had determined that the filtering engine, or parts of it on a lower level, had been decompiled, using certain proprietary methods. Solid Oak doesn't ship a Chinese-language version of CyberSitter. But, Milburn said, "the words a user sees on the screen are almost identical to ours."
According to Milburn, the company spent Friday trying to determine what its options were, and what avenues it could pursue to try and prevent its code from being misused.
According to The New York Times, PC OEMs were blindsided by the Green Dam requirement, and have tried to figure out how they could add the software to their production lines just six weeks before the mandate was scheduled to take place. Dell, Hewlett-Packard, and other OEMs would be required to add the software to their PC distributions.
But would they if it contributed to software piracy? "To my mind, [shipping Green Dam] would make the PC manufacturers an accessory after the fact to software piracy," Milburn said. "I would think that the PC manufacturers wouldn't want to do that if I were in their position."
"We haven't had any opportunity to explore our options," Milburn said. "At the very minimum, I believe we would pursue some sort of injunction."
Theoretically, this could place PC OEMs wishing to do business in China with a nearly impossible choice: face the threat of an injunction or suits within the United States, risk angering the Chinese government by removing the Green Dam software, or halt PC sales into China altogether. Representatives at Hewlett-Packard and Dell were unable to be reached for comment by press time.
This isn't the first time Solid Oak's code has been stolen, Milburn said. In the late 1990s, hackers reverse-engineered CyberSitter, which prevents underage children from accessing pornography or other adult content, to allow users to access such content.
The hackers, as well as other detractors, have previously accused Solid Oak and CyberSitter of censoring the Internet. "That's why we don't want to be associated with it," Milburn said of Green Dam.
Moreover, potentially millions of Chinese PC users could hit Solid Oak's servers for updates, leaving the company with huge fees for the additional bandwidth it would be charged for.
One obvious solution to the problem would be to block access to China, a move that would also cut off a number of American schools in China, including missionary schools, that use the software as a legitimate means of preventing children from accessing the adult content. Some organizations with satellite offices in Singapore, Korea, or other South Asian countries might also be affected.
"They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.