主题:密歇根大学绿坝分析报告(ZT)
此话题归属 找搭子
943
16
来自:保密
注册:2004-06-24
发帖:792+5942
注册:2004-06-24
发帖:792+5942
Analysis of the Green Dam Censorware System
http://www.cse.umich.edu/~jhalderm/pub/gd/[url=http://www.cse.umich.edu/~jhalderm/pub/gd/]http://www.cse.umich.edu/~jhalderm/pub/gd/[/url]
Scott Wolchok, Randy Yao, and J. Alex Halderman
Computer Science and Engineering Division
The University of Michigan
Revision 2.4 – June 11, 2009
Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Green Dam displays this message when it detects banned phrases.
Introduction
Accordingly to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam. This software is designed to monitor internet connections and text typed on the computer. It blocks undesirable or politically sensitive content and optionally reports it to authorities. Green Dam was developed by a company called Jin Hui and is available as a free download. We examined version 3.17.
How Green Dam Works
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications. The filtering blacklists include both political and adult content. Some of the blacklists appear to have been copied from American-made filtering software.
Image filter Green Dam includes computer vision technology used to block online images containing nudity. The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces. We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.
Text filter Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to Falun Gong). Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation. We decrypted the contents of these files: xwordl.dat, xwordm.dat, and xwordh.dat. We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file FalunWord.lib. When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.
URL filter Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat). These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter. Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown below).
We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter. In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site. We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006. Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter. We conjecture that this file was accidentally included because it has the same file extension as the filters.
Security Problems
After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer.
http://www.cse.umich.edu/~jhalderm/pub/gd/[url=http://www.cse.umich.edu/~jhalderm/pub/gd/]http://www.cse.umich.edu/~jhalderm/pub/gd/[/url]
Scott Wolchok, Randy Yao, and J. Alex Halderman
Computer Science and Engineering Division
The University of Michigan
Revision 2.4 – June 11, 2009
Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Green Dam displays this message when it detects banned phrases.
Introduction
Accordingly to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam. This software is designed to monitor internet connections and text typed on the computer. It blocks undesirable or politically sensitive content and optionally reports it to authorities. Green Dam was developed by a company called Jin Hui and is available as a free download. We examined version 3.17.
How Green Dam Works
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications. The filtering blacklists include both political and adult content. Some of the blacklists appear to have been copied from American-made filtering software.
Image filter Green Dam includes computer vision technology used to block online images containing nudity. The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces. We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.
Text filter Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to Falun Gong). Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation. We decrypted the contents of these files: xwordl.dat, xwordm.dat, and xwordh.dat. We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file FalunWord.lib. When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.
URL filter Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat). These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter. Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown below).
We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter. In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site. We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006. Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter. We conjecture that this file was accidentally included because it has the same file extension as the filters.
Security Problems
After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer.
-------------------------------------------------------------------------------------------
世界上可以说有两类人:那些不断地把世人划分为两类的人,以及那些并不如此划分的人。。。
我属于后一类人。。。  
我属于后一类人。。。  
发表于:2009-06-12 12:49:01
推荐:牙齿有问题,您找我!
...楼主...
943
16
来自:保密
注册:2004-06-24
发帖:792+5943
注册:2004-06-24
发帖:792+5943
Web Filtering Vulnerability
Green Dam intercepts Internet traffic and processes it to see whether visited web sites are blacklisted. In order to perform this monitoring, it injects a library called SurfGd.dll into software that uses the socket API. When a user access a web site, this code checks the address against the blacklist and logs the URL.
We discovered programming errors in the code used to process web site requests. The code processes URLs with a fixed-length buffer, and a specially-crafted URL can overrun this buffer and corrupt the execution stack. Any web site the user visits can redirect the browser to a page with a malicious URL and take control of the computer.
We have constructed a demonstration URL that triggers this problem. If you have Green Dam installed, clicking the button on our demonstration attack page will cause your browser (or tab) to crash.
This proof-of-concept shows that we are able to control the execution stack. An actual attacker could exploit this to execute malicious code.
Green Dam's design makes this problem exploitable from almost any web browser. At this time, the surest way for users to protect themselves is to uninstall Green Dam.
Blacklist Update Vulnerability
We found a second problem in the way Green Dam reads its filter files. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer after installing a filter update. Users can enable automatic filter updates from the Green Dam configuration program.
Green Dam reads its filter files using unsafe C string libraries. In places, it uses the fscanf function to read lines from filter files into a fixed-length buffer on the execution stack. This creates classic buffer-overflow vulnerabilities. For example, if a line in the file TrustUrl.dat exceeds a certain fixed length, the buffer will be overrun, corrupting the execution stack and potentially giving the attacker control of the process.
The filter files can be replaced remotely by the software maker if the user has enabled filter updates. The updates could corrupt these vulnerable files to exploit the problems we found. This could allow Green Dam's makers to take control of any computer where the software is installed and automatic filter updates are enabled. Furthermore, updates are delivered via unencrypted HTTP, which could allow a third party to impersonate the update server (for example, by exploiting DNS vulnerabilities) and take control of users' computers using this attack.
Removing Green Dam
Green Dam allows users who know its administrator password to uninstall the software. We tested the uninstaller and found that it appears to effectively remove Green Dam from the computer. However, it fails to remove some log files, so evidence of users' activity remains hidden on the system.
In light of the serious vulnerabilities we outlined above, the surest way for users to protect themselves is to remove the software immediately using its uninstall function.
Conclusion
Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.
If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.
Green Dam intercepts Internet traffic and processes it to see whether visited web sites are blacklisted. In order to perform this monitoring, it injects a library called SurfGd.dll into software that uses the socket API. When a user access a web site, this code checks the address against the blacklist and logs the URL.
We discovered programming errors in the code used to process web site requests. The code processes URLs with a fixed-length buffer, and a specially-crafted URL can overrun this buffer and corrupt the execution stack. Any web site the user visits can redirect the browser to a page with a malicious URL and take control of the computer.
We have constructed a demonstration URL that triggers this problem. If you have Green Dam installed, clicking the button on our demonstration attack page will cause your browser (or tab) to crash.
This proof-of-concept shows that we are able to control the execution stack. An actual attacker could exploit this to execute malicious code.
Green Dam's design makes this problem exploitable from almost any web browser. At this time, the surest way for users to protect themselves is to uninstall Green Dam.
Blacklist Update Vulnerability
We found a second problem in the way Green Dam reads its filter files. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer after installing a filter update. Users can enable automatic filter updates from the Green Dam configuration program.
Green Dam reads its filter files using unsafe C string libraries. In places, it uses the fscanf function to read lines from filter files into a fixed-length buffer on the execution stack. This creates classic buffer-overflow vulnerabilities. For example, if a line in the file TrustUrl.dat exceeds a certain fixed length, the buffer will be overrun, corrupting the execution stack and potentially giving the attacker control of the process.
The filter files can be replaced remotely by the software maker if the user has enabled filter updates. The updates could corrupt these vulnerable files to exploit the problems we found. This could allow Green Dam's makers to take control of any computer where the software is installed and automatic filter updates are enabled. Furthermore, updates are delivered via unencrypted HTTP, which could allow a third party to impersonate the update server (for example, by exploiting DNS vulnerabilities) and take control of users' computers using this attack.
Removing Green Dam
Green Dam allows users who know its administrator password to uninstall the software. We tested the uninstaller and found that it appears to effectively remove Green Dam from the computer. However, it fails to remove some log files, so evidence of users' activity remains hidden on the system.
In light of the serious vulnerabilities we outlined above, the surest way for users to protect themselves is to remove the software immediately using its uninstall function.
Conclusion
Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.
If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.
-------------------------------------------------------------------------------------------
世界上可以说有两类人:那些不断地把世人划分为两类的人,以及那些并不如此划分的人。。。
我属于后一类人。。。  
我属于后一类人。。。  
发表于:2009-06-12 12:49:38
推荐:秀电影模仿照片 赢免费电影票!
...第1楼...
认证会员
316
2
来自:上海
注册:2008-06-18
发帖:112+2823
注册:2008-06-18
发帖:112+2823
These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack. 
-------------------------------------------------------------------------------------------
------------------------------------------------------
本机已装绿坝,绿坝说可以发,请勿跨省追捕,有事请找绿坝
-----------------
本机已装绿坝,绿坝说可以发,请勿跨省追捕,有事请找绿坝
-----------------
发表于:2009-06-12 12:56:01
推荐:i3G玩家营“我爱疯”正式成立--09年末狂欢日
...第4楼...
1953
5
来自:上海
注册:2001-04-29
发帖:659+5216
注册:2001-04-29
发帖:659+5216
Google翻译
Analysis of the Green Dam Censorware System分析绿色大坝Censorware系统
http://www.cse.umich.edu/~jhalderm/pub/gd/ http://www.cse.umich.edu/~jhalderm/pub/gd/ http://www.cse.umich.edu/ 〜 jhalderm /酒吧/广东/ http://www.cse.umich.edu/ 〜 jhalderm /酒吧/广东/
Scott Wolchok, Randy Yao, and J. Alex Halderman斯科特Wolchok ,兰迪,姚明和J. Alex Halderman研讨
Computer Science and Engineering Division计算机科学与工程系司
The University of Michigan美国密西根大学
Revision 2.4 – June 11, 2009修订2.4 - 09年6月11日
Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government.总结我们发现远程利用的漏洞在绿色大坝,检查软件授权据说中国政府。 Any web site a Green Dam user visits can take control of the PC.任何网站绿色大坝用户访问可以控制电脑。
According to press reports, China will soon require all PCs sold in the country to include Green Dam.据新闻报道,中国将很快要求所有销售的PC在该国,包括绿色大坝。 This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.该软件监控网站访问和其他活动,并在计算机上的成人内容块,以及政治上敏感的材料。
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors.我们审查了绿色大坝软件,发现它载有严重的安全漏洞,由于编程错误。 Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer.绿色大坝一旦安装后,任何网站的用户访问,可以充分利用这些问题来控制电脑。 This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet.这可能允许恶意网站窃取个人资料,发送垃圾邮件,或争取在一个僵尸网络的计算机。 In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.此外,我们发现漏洞的方式绿色大坝进程黑名单的更新,可以让软件制造商或其他人安装恶意代码在更新过程中。
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg.我们发现这些问题,不到12小时的测试,我们认为他们可能只是冰山的一角。 Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities.绿色大坝使得经常使用不安全的和过时的编程做法可能引进其他许多漏洞。 Correcting these problems will require extensive changes to the software and careful retesting.纠正这些问题,需要大量的修改,重新测试软件和认真。 In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.在此同时,我们建议用户在保护自己的绿色大坝立即卸载。
Green Dam displays this message when it detects banned phrases.绿色大坝显示此邮件时,发现被禁止的词组。
Introduction导言
Accordingly to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam.因此最近的新闻报道(纽约时报,华尔街日报) ,我国政府授权的是, 7月1日开始,每一个在中国销售的PC都必须包括一个审查程序称作绿色大坝。 This software is designed to monitor internet connections and text typed on the computer.该软件的目的是监测互联网连接和文字输入电脑。 It blocks undesirable or politically sensitive content and optionally reports it to authorities.该区块不良或政治上敏感的内容和选择报告给当局。 Green Dam was developed by a company called Jin Hui and is available as a free download.绿色大坝是由一家名叫靳回,并提供免费下载。 We examined version 3.17.我们审查版本3.17 。
How Green Dam Works如何绿色坝工程
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications.绿色大坝软件内容过滤器拦截的网址和网站的图片和文字,通过监测其他应用软件。 The filtering blacklists include both political and adult content.过滤黑名单既包括政治和成人内容。 Some of the blacklists appear to have been copied from American-made filtering software.一些黑名单似乎被复制美国制造的过滤软件。
Image filter Green Dam includes computer vision technology used to block online images containing nudity.图像过滤绿色大坝包括计算机视觉技术用来阻止在线图片包含裸露。 The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces.图像过滤器的工作原理是据说含有标记的图像大面积的人的皮肤色调,而决策的一个例外,适用于近摄的面孔。 We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.我们发现,该计划包含的代码库和一个配置文件从开源图像识别软件OpenCV 。
Text filter Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to Falun Gong).内容过滤器绿色大坝扫描文字输入的各种应用领域的封锁的话,包括猥亵和政治上敏感的词组(例如,提到***) 。 Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation.列入黑名单的条款中包含三个文件,一个简单的加密密钥不太争相作业。 We decrypted the contents of these files: xwordl.dat, xwordm.dat, and xwordh.dat.我们解密的内容,这些文件: xwordl.dat , xwordm.dat ,并xwordh.dat 。 We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file FalunWord.lib.我们还发现这似乎是一个单词列表的更复杂的句子处理算法的加密文件FalunWord.lib 。 When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.当绿色大坝检测这些话,违反规定的程序强行关闭,一个错误的形象(如上所示)显示。
URL filter Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat).网址过滤器的过滤器绿色大坝网站网址使用模式中的白名单和黑名单文件( * fil.dat , adwapp.dat ,并TrustUrl.dat ) 。 These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter.这些文件是相同的加密密钥不太争相运作的黑名单案文过滤器。 Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown below).五个黑名单对应的类别中的内容过滤部分绿色大坝的选项对话框中(如下所示) 。
We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter.我们发现的证据表明,其中的一些黑名单已采取由美国制造的过滤程序CyberSitter 。 In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site.尤其是,我们找到了一个加密的配置文件, wfileu.dat ,引用这些黑名单的下载网址CyberSitter的网站。 We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006.我们还发现了一个安装文件, xstring.s2g ,似乎这些黑名单日期至2006年。 Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter.最后, csnews.dat是一个加密的新闻简报2004年的CyberSitter 。 We conjecture that this file was accidentally included because it has the same file extension as the filters.我们猜想,这个文件是意外,因为它包含有相同的文件扩展名的过滤器。
Security Problems安全问题
After only one day of testing the Green Dam software, we found two major security vulnerabilities.仅一天的测试绿坝软件,我们发现了两个主要的安全漏洞。 The first is an error in the way the software processes web sites it monitors.首先是一个错误的方式,软件程序网站监管。 The second is a bug in the way the software installs blacklist updates.第二个是一个错误的方式安装的软件黑名单更新。 Both allow remote parties to execute arbitrary code and take control of the computer.各方都允许远程执行任意代码,并采取控制的计算机。
Analysis of the Green Dam Censorware System分析绿色大坝Censorware系统
http://www.cse.umich.edu/~jhalderm/pub/gd/ http://www.cse.umich.edu/~jhalderm/pub/gd/ http://www.cse.umich.edu/ 〜 jhalderm /酒吧/广东/ http://www.cse.umich.edu/ 〜 jhalderm /酒吧/广东/
Scott Wolchok, Randy Yao, and J. Alex Halderman斯科特Wolchok ,兰迪,姚明和J. Alex Halderman研讨
Computer Science and Engineering Division计算机科学与工程系司
The University of Michigan美国密西根大学
Revision 2.4 – June 11, 2009修订2.4 - 09年6月11日
Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government.总结我们发现远程利用的漏洞在绿色大坝,检查软件授权据说中国政府。 Any web site a Green Dam user visits can take control of the PC.任何网站绿色大坝用户访问可以控制电脑。
According to press reports, China will soon require all PCs sold in the country to include Green Dam.据新闻报道,中国将很快要求所有销售的PC在该国,包括绿色大坝。 This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.该软件监控网站访问和其他活动,并在计算机上的成人内容块,以及政治上敏感的材料。
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors.我们审查了绿色大坝软件,发现它载有严重的安全漏洞,由于编程错误。 Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer.绿色大坝一旦安装后,任何网站的用户访问,可以充分利用这些问题来控制电脑。 This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet.这可能允许恶意网站窃取个人资料,发送垃圾邮件,或争取在一个僵尸网络的计算机。 In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.此外,我们发现漏洞的方式绿色大坝进程黑名单的更新,可以让软件制造商或其他人安装恶意代码在更新过程中。
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg.我们发现这些问题,不到12小时的测试,我们认为他们可能只是冰山的一角。 Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities.绿色大坝使得经常使用不安全的和过时的编程做法可能引进其他许多漏洞。 Correcting these problems will require extensive changes to the software and careful retesting.纠正这些问题,需要大量的修改,重新测试软件和认真。 In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.在此同时,我们建议用户在保护自己的绿色大坝立即卸载。
Green Dam displays this message when it detects banned phrases.绿色大坝显示此邮件时,发现被禁止的词组。
Introduction导言
Accordingly to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam.因此最近的新闻报道(纽约时报,华尔街日报) ,我国政府授权的是, 7月1日开始,每一个在中国销售的PC都必须包括一个审查程序称作绿色大坝。 This software is designed to monitor internet connections and text typed on the computer.该软件的目的是监测互联网连接和文字输入电脑。 It blocks undesirable or politically sensitive content and optionally reports it to authorities.该区块不良或政治上敏感的内容和选择报告给当局。 Green Dam was developed by a company called Jin Hui and is available as a free download.绿色大坝是由一家名叫靳回,并提供免费下载。 We examined version 3.17.我们审查版本3.17 。
How Green Dam Works如何绿色坝工程
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications.绿色大坝软件内容过滤器拦截的网址和网站的图片和文字,通过监测其他应用软件。 The filtering blacklists include both political and adult content.过滤黑名单既包括政治和成人内容。 Some of the blacklists appear to have been copied from American-made filtering software.一些黑名单似乎被复制美国制造的过滤软件。
Image filter Green Dam includes computer vision technology used to block online images containing nudity.图像过滤绿色大坝包括计算机视觉技术用来阻止在线图片包含裸露。 The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces.图像过滤器的工作原理是据说含有标记的图像大面积的人的皮肤色调,而决策的一个例外,适用于近摄的面孔。 We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.我们发现,该计划包含的代码库和一个配置文件从开源图像识别软件OpenCV 。
Text filter Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to Falun Gong).内容过滤器绿色大坝扫描文字输入的各种应用领域的封锁的话,包括猥亵和政治上敏感的词组(例如,提到***) 。 Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation.列入黑名单的条款中包含三个文件,一个简单的加密密钥不太争相作业。 We decrypted the contents of these files: xwordl.dat, xwordm.dat, and xwordh.dat.我们解密的内容,这些文件: xwordl.dat , xwordm.dat ,并xwordh.dat 。 We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file FalunWord.lib.我们还发现这似乎是一个单词列表的更复杂的句子处理算法的加密文件FalunWord.lib 。 When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.当绿色大坝检测这些话,违反规定的程序强行关闭,一个错误的形象(如上所示)显示。
URL filter Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat).网址过滤器的过滤器绿色大坝网站网址使用模式中的白名单和黑名单文件( * fil.dat , adwapp.dat ,并TrustUrl.dat ) 。 These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter.这些文件是相同的加密密钥不太争相运作的黑名单案文过滤器。 Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown below).五个黑名单对应的类别中的内容过滤部分绿色大坝的选项对话框中(如下所示) 。
We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter.我们发现的证据表明,其中的一些黑名单已采取由美国制造的过滤程序CyberSitter 。 In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site.尤其是,我们找到了一个加密的配置文件, wfileu.dat ,引用这些黑名单的下载网址CyberSitter的网站。 We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006.我们还发现了一个安装文件, xstring.s2g ,似乎这些黑名单日期至2006年。 Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter.最后, csnews.dat是一个加密的新闻简报2004年的CyberSitter 。 We conjecture that this file was accidentally included because it has the same file extension as the filters.我们猜想,这个文件是意外,因为它包含有相同的文件扩展名的过滤器。
Security Problems安全问题
After only one day of testing the Green Dam software, we found two major security vulnerabilities.仅一天的测试绿坝软件,我们发现了两个主要的安全漏洞。 The first is an error in the way the software processes web sites it monitors.首先是一个错误的方式,软件程序网站监管。 The second is a bug in the way the software installs blacklist updates.第二个是一个错误的方式安装的软件黑名单更新。 Both allow remote parties to execute arbitrary code and take control of the computer.各方都允许远程执行任意代码,并采取控制的计算机。
-------------------------------------------------------------------------------------------
一方有难,八方支援,万众一心,齐心协力,这是中国5千年文明传承的理由,这是中国的希望
发表于:2009-06-12 13:27:30
推荐:退役【我最不舍得的退役球员】——每个时代
...第9楼...
28
0
来自:保密
注册:2008-12-03
发帖:0+25
注册:2008-12-03
发帖:0+25
一看那山寨的安装界面就知道这软件的水准。
总结一下
绿坝软件 存在着严重的的安全漏洞。不幸的是这些问题是由于系统代码的缺陷造成的,它大量用了些低级的众所周知的不安全的编程技术,所有漏洞统统暴露再网络上。
如果现在中国每台机器都装上这东东的话 会严重降低中国网络安全
要解决这些问题不是简单的Patch就可以搞定的,核心程序都要重写 测试。7/1 号之前解决是不可能的啦。
所以为了你电脑的安全 请第一时间删掉它。
总结一下
绿坝软件 存在着严重的的安全漏洞。不幸的是这些问题是由于系统代码的缺陷造成的,它大量用了些低级的众所周知的不安全的编程技术,所有漏洞统统暴露再网络上。
如果现在中国每台机器都装上这东东的话 会严重降低中国网络安全
要解决这些问题不是简单的Patch就可以搞定的,核心程序都要重写 测试。7/1 号之前解决是不可能的啦。
所以为了你电脑的安全 请第一时间删掉它。
-------------------------------------------------------------------------------------------
这个家伙很懒,什么也没留下......
发表于:2009-06-12 13:50:47
推荐:娘娘,我要挑戰你,標題要長,動的入
...第12楼...
1568
139
来自:上海
注册:2007-01-18
发帖:317+11829
注册:2007-01-18
发帖:317+11829
发表于:2009-06-13 00:43:10
推荐:当爸爸的过来放和BB照片~~你比他们潮?比他们有爱么?
...第15楼...
回复主题 [ 返回宽带山KDS ]  |
|
|---|---|
| 主题: | 密歇根大学绿坝分析报告(ZT) |
手机看宽带山
人像摄影推荐
