Tuesday, November 30, 2010

Analysis of China's Green Dam Censorware system

From WikiLeaks

Jump to: navigation, search
June 11, 2009

By Scott Wolchok, Randy Yao, and J. Alex Halderman] (Computer Science and Engineering Division, University of Michigan)

We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

Contents

1 Introduction
2 How Green Dam Works
3 Security Problems
3.1 Web Filtering Vulnerability
3.2 Blacklist Update Vulnerability
4 Removing Green Dam
5 Conclusion
5.1 Acknowledgments
5.2 Contacting the Authors
6 Source documents
7 See also
Introduction

Accordingly to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam. This software is designed to monitor internet connections and text typed on the computer. It blocks undesirable or politically sensitive content and optionally reports it to authorities. Green Dam was developed by a company called Jin Hui and is available as a free download. We examined version 3.17.

How Green Dam Works

The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications. The filtering blacklists include both political and adult content. Some of the blacklists appear to have been copied from American-made filtering software.

Image filter Green Dam includes computer vision technology used to block online images containing nudity. The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces. We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.

Text filter Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to Falun Gong). Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation. We decrypted the contents of these files: [data/xwordl.php xwordl.dat], [data/xwordm.php xwordm.dat], and [data/xwordh.php xwordh.dat]. We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file [data/falunword.php FalunWord.lib]. When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.

URL filter Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat). These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter. Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown [#screens below]).

We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter. In particular, we found an encrypted configuration file, [data/wfileu.txt wfileu.dat], that references these blacklists with download URLs at CyberSitter's site. We also found a setup file, [data/xstring.s2g.txt xstring.s2g], that appears to date these blacklists to 2006. Finally, [data/csnews.txt csnews.dat] is an encrypted 2004 news bulletin by CyberSitter. We conjecture that this file was accidentally included because it has the same file extension as the filters.

Security Problems

After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer.

Web Filtering Vulnerability

Green Dam intercepts Internet traffic and processes it to see whether visited web sites are blacklisted. In order to perform this monitoring, it injects a library called SurfGd.dll into software that uses the socket API. When a user access a web site, this code checks the address against the blacklist and logs the URL.

We discovered programming errors in the code used to process web site requests. The code processes URLs with a fixed-length buffer, and a specially-crafted URL can overrun this buffer and corrupt the execution stack. Any web site the user visits can redirect the browser to a page with a malicious URL and take control of the computer.

We have constructed a demonstration URL that triggers this problem. If you have Green Dam installed, clicking the button on our demonstration attack page will cause your browser (or tab) to crash.

This proof-of-concept shows that we are able to control the execution stack. An actual attacker could exploit this to execute malicious code.

Green Dam's design makes this problem exploitable from almost any web browser. At this time, the surest way for users to protect themselves is to uninstall Green Dam.

Blacklist Update Vulnerability

We found a second problem in the way Green Dam reads its filter files. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer after installing a filter update. Users can enable automatic filter updates from the Green Dam configuration program.

Green Dam reads its filter files using unsafe C string libraries. In places, it uses the fscanf function to read lines from filter files into a fixed-length buffer on the execution stack. This creates classic buffer-overflow vulnerabilities. For example, if a line in the file TrustUrl.dat exceeds a certain fixed length, the buffer will be overrun, corrupting the execution stack and potentially giving the attacker control of the process.

The filter files can be replaced remotely by the software maker if the user has enabled filter updates. The updates could corrupt these vulnerable files to exploit the problems we found. This could allow Green Dam's makers to take control of any computer where the software is installed and automatic filter updates are enabled. Furthermore, updates are delivered via unencrypted HTTP, which could allow a third party to impersonate the update server (for example, by exploiting DNS vulnerabilities) and take control of users' computers using this attack.

Removing Green Dam

Green Dam allows users who know its administrator password to uninstall the software. We tested the uninstaller and found that it appears to effectively remove Green Dam from the computer. However, it fails to remove some log files, so evidence of users' activity remains hidden on the system.

In light of the serious vulnerabilities we outlined above, the surest way for users to protect themselves is to remove the software immediately using its uninstall function.

Conclusion

Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.

If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.

Acknowledgments

We wish to thank our colleagues at the University of Michigan who alerted us to Green Dam and assisted with translation.

Contacting the Authors

Please send questions or comments to Professor J. Alex Halderman.

Source documents

Green Dam censorship system internal brief to Chinese government, Jan 2008
See also

A technical analysis of the Chinese 'Green Dam Youth-Escort' censorship software
Retrieved from "http://www.wikileaks.org/wiki/Analysis_of_China%27s_Green_Dam_Censorware_system"
Categories: Analyses | United States | 2009 | 2009-06

Sunday, October 31, 2010

NBN a waste of money

* Rick Wallace, Tokyo correspondent
* From: The Australian
* October 30, 2010 12:00AM

ONE of Japan's richest men has labelled Australia's $43 billion National Broadband Network a stupid waste of taxpayers' money.

Masayoshi Son, who heads Japanese internet and mobile giant Softbank and counts Apple's Steve Jobs and Microsoft's Bill Gates among his friends, attacked the Gillard government's signature project yesterday.

Quizzed about the NBN by The Weekend Australian after delivering a speech in Tokyo, Mr Son said it was completely unnecessary to spend so much taxpayers' money.

"It's a waste; it's a stupid solution," he said. "Without using taxpayers' money you can get 21st-century infrastructure."

Mr Son had just finished delivering his own vision of how to deliver fibre-to-the-home connections throughout Japan without any taxpayer contribution.

He claimed that his solution, recently put to Prime Minister Naoto Kan and several members of his cabinet, would deliver basic fibre connections for just 1150 yen ($15) a month, far cheaper than what is envisaged under the NBN.

That is also far cheaper than the current typical monthly price of Y5000 ($63) for cable in Japan.

Mr Son's proposal involves splitting the part-government-owned NTT into telco services and fibre network businesses and rolling out cable to all homes within five years.

Softbank and fellow carrier KDDI would fold their fibre cable infrastructure into the merged network business, which would then be 40 per cent owned by the government and 60 per cent by NTT, Softbank and KDDI.

Mr Son said that a one-time rollout of fibre -- similar to the NBN proposal -- would cost just one-third as much as cabling individual homes on an on-demand basis.

"My advice is forget about the demand basis installation, just do it with a plan. Replace whole cities: this month Hiroshima City, next month another city, and so on," he said.

"Replace entire cities with a plan and remove metal and replace with fibre. That way the installation cost is one-third and the installation speed is much quicker."

He believes that no new capital investment would be required from taxpayers and that the network business would soon become profitable because of lower maintenance costs stemming from the replacement of the decaying copper network.

"After five years it (the network business) would generate very profitable free cash flow. If that company generates profitable free cash flow over the next 20 years, then it can get all the money from banks, not depending on taxpayers' money.

In a speech at the Foreign Correspondents' Club of Japan, he acknowledged Softbank would benefit from the plan, but said so would the country and potentially the world.

Mr Son said that while Australia faced obvious technical challenges in terms of distances and sparse population, Japan's mountainous terrain and thousands of islands posed challenges, too.

Monday, August 09, 2010

Better software modeling is a key

From: cnet.com - Bill Gates: Better software modeling is a key
by Ina Fried

LAKE TAHOE, Calif.--A key to many hard problems, from using nuclear power to combating diseases, is better software modeling, Bill Gates said on Friday.

While it's not surprising that he's a fan of using software to help solve hard problems, it is somewhat surprising that there aren't already good models for some diseases.

"There's no disease-modeling software," he said, speaking at the end of the three-day Techonomy conference here. "There is none. Why is flu seasonal? We don't know."

Gates said he aims to make sure that gap is filled, supporting development of the tools needed to do such modeling, while he also wants to use modeling to further explore nuclear power options, such as the Terrapower effort he is backing. "On paper it's quite amazing but it is hard to go from here to there," he said.

Gates said he also plans to offer up the modeling software package for free for others to use.

He conceded that the models never get things right exactly, but he said, "You are a hundred times smarter doing it that way than just going out there (without such models)."

"What you are doing is constantly tweaking them to match the finite data set you have," he said.

The risks, he said, of not using modeling can be immense. In malaria, for example, you really want to make sure your approach will wipe out the disease in a particular area lest the effort succeed only in creating more resistant strains of the disease and hardier mosquitoes.

Although he's a big lover of the free market, Bill Gates said Friday that there are a lot of areas where the market could use some help.

For example, Gates said that it takes a really long time to get a new nuclear power plant technology to market, longer even than the patent that might allow a successful invention to be profitable.

"You are not going to have a lot of people putting down money when the length of the project is longer than the length of the patent," Gates said, speaking at the Techonomy conference here.

It's not even certain that one could do it in their lifetime and he said a lot of people like to focus on projects that will happen in their lifetimes, "particularly if you aren't that religious," a category in which he said he falls.

Although some areas need help, Gates said creating new forms of energy will lead to new wealth. "A few somebodies will get very rich making those breakthroughs."

If we knew a particular solar or nuclear technology were a sure thing, he said, our power issues would be complete. But, he said, "boy are there a lot of problems that need to be solved."

As for how he spends his time, Gates said he reads two to three hours a day, but is also up for spending an hour or two watching video, particularly online classes. "There are dozens and dozens of mind-blowing courses you can buy from Teach12," he said. There are plenty of free options too, he said, but it is often hard to find the ones that match one's interests and for which they have the right background.

"There's a lot of dead-ends where a course might not give you what you want," he said.

Gates also said that he hopes that eventually the best online courses will start to get significant funding to get even better, not unlike concert videos and other entertainment.

"Why don't the best physics classes have a million-dollar budget for neat experiments?" he said. Gates also said he is still trying to give people some good book suggestions through mini-book reviews on his Gates Notes Web site, however he admitted "I'm about 20 books behind."

As for his effort to get more of the rich to join him in his philanthropic quest, Gates and Warren Buffett announced that Oracle CEO Larry Ellison and about 40 other wealthy individuals and families have answered their call and pledged to give away at least half their wealth.

Gates noted on Friday that just 15 percent of the largest estates in the U.S. go to philanthropy. Plus, he said that is better than any other large wealthy country. One of the problems is that giving away money can be surprisingly hard because of legal matters and other complications.

"It should be as fun as making the fortune," he said.

* © 2010 CBS Interactive. All rights reserved

Tuesday, June 22, 2010

Nokia iSync for Mac OS X

When I was using iSync on Tiger for the first time, I was impressed by its small, cute interface and especially its phone icon just for the exact model of my mobile. This may sound a bit too much fuss, but as a Windows user who was used to see the same generic icon for all related devices, it could be a little surprised. :)

Unfortunately, most recent Nokia phones are not directly supported by iSync even your Mac OS X is fully updated and even the OS is Snow Leopard. You may connect your Nokia phone with your Mac via Bluetooth and exchange files very well, but you just cannot synchronise the contacts and calendar between your Mac and Nokia phone.

To address this issue, Nokia has released related plugins to work with iSync for Mac OS X. Simply download and install the plugin for your phone and let the iSync go.

The compatible phones are Nokia C5, E50, E51, E52, E55, E60, E61i, E63, E65, E66, E70, E71, E71x, E72, E75, E90 Communicator, N75, N76, N77, N78, N79, N81, N82, N85, N86 8MP, N900, N93i, N95, N95 8GB, N96, N97, N97 mini, X86, 5230, 5232, 5233, 5235, 5320 XpressMusic, 5330 XpressMusic, 5630 XpressMusic, 5700 XpressMusic, 5730 XpressMusic, 5800 XpressMusic, 6110 Navigator, 6120 classic, 6121 classic, 6210 Navigator, 6220 classic, 6290, 6700 slide, 6702 slide, 6720 classic, 6730 classic, 6760 slide, and 6790 Surge.

Make sure you choose the right model otherwise you won't see its icon for your mobile.

Monday, June 14, 2010

Socceroo needs a better keeper

0:2 for the first 45 minutes, Aussie vs Germany. :(

Anyway, I am crossing my fingers, hoping for a miracle...

Monday, May 31, 2010

Windows 2000 support ends on July 13, 2010

According to Microsoft, the official support for Windows 2000 will be ended after 43 days on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.

Saturday, May 29, 2010

How to block spamming countries

I was recently asked about how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, just like what a spam filter does on an email server, such as blocking all emails sent from the top spamming domains such as .cn and .ru.

If you intend to identify the source IP addresses for specific domains for ALL incoming traffic to your site, you have to reverse resolve the host's domain name from each source IP address. This procedure is called Reverse DNS Lookup, or briefly rDNS.

Unfortunately, not all IPs can be reverse resolved because not every IP has its registered domain name. So technically you can't use this approach (IP to host name) to identify all country domains that you want to block.

On the other hand, not all .cn or .ru hosts are using the IP addresses which are physically located in China or Russia. They may be located in the US or any other locations in the world.

Additionally, for every single IP, reverse resolving (rDNS) needs time to query your local DNS server, then ISP's DNS server, root DNS servers and all related DNS servers. It is acceptable for validating an email address, but NOT practical for filtering all TCP/IP connections.

However, if you really want to that, you may consider simply blocking the IP ranges of China, Russia or other countries on your firewall or router facing the internet. As no rDNS is involved, the performance is better, but the performance is still reduced if too many ranges are filtered.

You may get the IP ranges from Country IP Blocks. This site also updates you about the top 10 global spammers and provides you several popular formats to export the Country IP data you need. As of the first quarter of 2010, the top three spamming countries are Korea, China and India. "The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon", the site comments.

Please be aware that this approach probably has impacts on your business if you are running commercial websites or Web Services behind the firewall or router blocking these countries, as all affected visitors from these countries can't see your websites at all, including your prospective clients just travelling in these countries.

According to MaxMind, there are 248,307,783 IP addresses for China, 86,613,071 for Korea, and 33,218,703 for Russia. Therefore you will must have a long list of IP ranges to be blocked.

The decision is up to you.

Thursday, May 27, 2010

How to create a Drop-box folder on NTFS

I just answered the same question at Experts-Exchange (EE) and found it might be a FAQ for other people, so I post my answer here for your reference. Another consideration is that most people are not EE's Premium Service Members who can access all solutions there for free, so you will not be struggling on Google caches just for digging out a solution from Experts-Exchange.

As I don't have a Windows domain on my home computer, I simply use a Windows XP for illustrating how to implement a Drop-box folder on NTFS, named "Submissions" as an example. It is the exact same method for domain scenarios, except by replacing the users with corresponding domain users. The steps apply to Windows 2003, Windows 2008 and Windows 7, too.

Basically, Administrators have "Full Control" access to the folder "Submissions", Users have "List Folder Contents" and "Write" access to the folder, and CREATOR OWNER has special "Read" access to the folder. All NTFS permissions are shown in the screenshots below.

As the result, Users can list the folder, post files, and read the files they posted, but not the files of each other. Administrators can access all files with Full Control.


Permissions for Administrators


Permissions for CREATOR


Permissions for Users


Advanced Security Settings for Submissions


Detailed Permissions for Administrators - Full Control


Detailed Permissions for CREATOR - Read & Execute


Detailed Permissions for Users - Write


Detailed Permissions for Users - Read & Execute

Monday, May 24, 2010

105 XP updates since 2008

As I need to use Excel 2007 to process some spreadsheets, I just restored my work PC from a VM snapshot back to October 2008. The virtual machine running Windows XP Professional has been suspended on my hard disk for 20 months. It can be the evidence showing my switch from Windows to Mac OS X. Yes, I am a Windows guy, but I do use iMac as the platform at home, though I always work (test) on varied Windows VMs on Mac OS X at the same time.

I have switched my productivity applications from Office 2007 for Windows to Office 2008 for Mac. I am happy with most Mac versions of Microsoft Office applications, umm... except Excel 2008. In my opinions, it is a kind of totally different user experience compared to what I used to with Excel 2007.

As for that XP, as the screenshot shown below, it needs to install 105 updates (including 91 critical updates but IE7/IE8 and .NET Framework) in size of 740.6 MB, and it needs more than 3 hours to install. 740 MB is just a CD. As I remember, Windows XP initially released on a single CD in 2001...