From Technology Review.
Controversy erupted this week over reports that the Chinese government plans to require all computers sold in the country to come with software that screens for objectionable websites. Although initial criticism came from privacy advocates and those most concerned about censorship, experts have also now found that the software could introduce critical security risks to computers across the country.
According to the BBC, the software communicates in plain text with central servers at its parent company. Not only does this potentially place personal information in the hands of eavesdroppers, but it could also allow hackers to take over PCs running the software, creating a massive zombie network that could deliver spam or attack other computers across the globe…
Ed Felten has followed up on this, drawing attention to an investigation by security researchers which confirms the story. Ed concludes:
This is a serious blow to the Chinese government’s mandatory censorware plan. Green Dam’s insecurity is a show-stopper — no responsible PC maker will want to preinstall such dangerous software. The software can be fixed, but it will take a while to test the fix, and there is no guarantee that the next version won’t have other flaws, especially in light of the blatant errors in the current version.