Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Green Dam

Published: 2009-06-12
Last Updated: 2011-01-24 23:52:06 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

China has mandated that software that can block certain sites and content be installed on all new computers. While this is certainly very interesting from a sociological and political point of view, the security implications are significant. Millions of computers must be running this particular piece of software. Even more so is that the software appears to be buggy. User experiences indicate that it does not work very well, and makes the computer sluggish. Analysis of the code has identified a number of vulnerabilities, at least one of which is exploitable. More than one remotely exploitable buffer overflow has been reported, with exploit code that is delivered via IIS or potentially any web site. It takes advantage of the Green Dam software as it interacts with Internet Explorer or other browsers. Think of the damage that can be done with a botnet or botnets with somewhere around 50 million systems! Another possible impact is the potential for other parties to monitor Internet activity, control, steal information, or otherwise interrupt the majority of computers in a single country. The analysis by Scott Wolchok, Randy Yao, and J. Alex Halderman of the The University of Michigan is available here. The exploit code certainly is not difficult to find.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords: exploit green dam
0 comment(s)
Diary Archives