收藏本站腾讯微博新浪微博

经典论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

蓝色理想 最新研发动态 网站开通淘帖功能 - 蓝色理想插件 论坛内容导读一页看论坛 - 给官方提建议

论坛活动及任务 地图和邮件任务 请多用悬赏提问 热夏来袭,选一款蓝色理想的个性T恤吧!

手机上论坛,使用APP获得更好体验 急需前端攻城狮,获得内部推荐机会 论坛开通淘帖功能,收藏终于可以分类了!

搜索
查看: 1348|回复: 11

[闲聊] 好久没发贴,今天看到绿霸的新闻,忍不住要发一个

[复制链接]
发表于 2009-6-15 10:18:47 | 显示全部楼层 |阅读模式
绿霸被指抄袭。
原文标题:China's Filtering Software Contains Pirated Code
原文地址:http://www.pcmag.com/article2/0,2817,2348705,00.asp
( Pirated是盗版的意思)
Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.

Solid Oak软件公司,CyberSitter的开发者,发表声明说绿霸用户界面的外观和感受酷似CyberSitter的风格,Brian Milburn说,更要命的是,绿霸使用了签署有CyberSitter名字的DLL,甚至还会向Solid Oak的服务器请求更新。

全部原文:
The "Green Dam" filtering software that the Chinese government is reportedly requiring for all PCs sold there contains pirated code, a U.S. software manufacturer claimed Friday.

Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.

Green Dam is a piece of filtering software that will reportedly be required for all PCs sold inside China. The software is already available in China, although the restrictions go into place on July 1, according to The New York Times.

According to a study by the University of Michigan, the Green Dam software works to identify images, text, and URLs and compares them to a filter, which blocks the offending work. The researchers took the publicly available software and reverse-engineered it, using standard methods. Inside, the study's author, assistant professor of electrical engineering J. Alex Halderman, found evidence that the software uses blacklists compiled by CyberSitter, dating back to 2006. An encrypted news bulletin, which dates back to 2004, was also accidentally included, Halderman wrote.

"We've been talking with them since the report came out yesterday," Halderman said in an interview.

To Halderman, the Green Dam software presents two fundamental problems: one, that the software contains vulnerabilities that would allow others to spy on the activities of those who use it; and second, that it might contain code stolen from another manufacturer. The Chinese developer of the Green Dam software appears to have accidentally created the vulnerabilities, Halderman said, rather than being a deliberate attempt to allow government agencies to monitor its citizens online.

"If we apply reasoning to this, we would conclude that the government wants a backdoor it could access, and others could not," Halderman said.

Version 3.17 of the Green Dam software appears to contain both the references to the blacklists as well as the allegedly stolen code. But the software is also being frequently updated, and the most recent patch, applied Thursday, appears to eliminate many of the blacklist references to Solid Oak, Halderman said.

"I think the bottom line is that the Chinese government is trying to roll out the software without doing their due diligence," Halderman said. "Clearly, there needs to be more time to evaluate the software both in terms of legality and in terms of security before it is rolled out on a widespread basis."

That was small consolation to Solid Oak's Milburn, who said that he had received an anonymous email sent to a broadcast address at the site Friday morning alerting the company that Green Dam was using Solid Oak code. He dismissed it, thinking it was a hoax. But another employee researched it and found that the allegation was indeed true, and that both URLs and other Solid Oak code, including DLL files, were part of Green Dam. After doing a bit of research he found the U. of Michigan paper and contacted Halderman.

"From the stuff they've posted, I'm 100 percent certain they're using our proprietary code," Milburn said, who said he wasn't certain how much of the code was reverse-engineered or simply stolen.

"We're still trying to do the detective work here," Milburn said.

At press time, Solid Oak had determined that the filtering engine or parts of it on lower level had been decompiled, using certain proprietary methods. Solid Oak doesn't ship a Chinese-language version of CyberSitter. But, Milburn said, "the words a user sees on the screen are almost identical to ours."

According to Milburn, the company spent Friday trying to determine what its options were, and what avenues it could pursue to try and prevent its code from being misused.

According to The New York Times, PC OEMs were blindsided by the Green Dam requirement, and have tried to figure out how they could add the software to their production lines just six weeks before the mandate was scheduled to take place. Dell, Hewlett-Packard, and other OEMs would be required to add the software to their PC distributions.

But would they if it contributed to software piracy? "To my mind, [shipping Green Dam] would make the PC manufacturers an accessory after the fact to software piracy," Milburn said. "I would think that the PC manufacturers wouldn't want to do that if I were in their position."

"We haven't had any opportunity to explore our options," Milburn said. "At the very minimum, I believe we would pursue some sort of injunction."

Theoretically, this could place PC OEMs wishing to do business in China with a nearly impossible choice: face the threat of an injunction or suits within the United States, risk angering the Chinese government by removing the Green Dam software, or halt PC sales into China altogether. Representatives at Hewlett-Packard and Dell were unable to be reached for comment by press time.

This isn't the first time Solid Oak's code has been stolen, Milburn said. In the late 1990s, hackers reverse-engineered CyberSitter, which prevents underage children from accessing pornography or other adult content, to allow users to access such content.

The hackers, as well as other detractors, have previously accused Solid Oak and CyberSitter of censoring the Internet. "That's why we don't want to be associated with it," Milburn said of Green Dam.

Moreover, potentially millions of Chinese PC users could hit Solid Oak's servers for updates, causing them huge fees for the additional bandwidth costs the company would be charged for.

One obvious solution to the problem would be to block access to China, a move that would also cut off a number of American schools in China, including missionary schools, that use the software as a legitimate means of preventing children from accessing the adult content. Some organizations with satellite offices in Singapore, Korea, or other South Asian countries might also be affected.

"They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.
1.jpg
2.jpg
3.jpg
发表于 2009-6-15 10:41:35 | 显示全部楼层
这回公工*部要撞墙了。
回复 支持 反对

使用道具 举报

发表于 2009-6-15 10:45:46 | 显示全部楼层
哈哈哈
回复 支持 反对

使用道具 举报

发表于 2009-6-15 10:54:17 | 显示全部楼层
以前啊,总在网上能看到XX图,自从有了绿坝,不用担心看到XX图片了,一口气打所有网站,全是XX不费劲。
回复 支持 反对

使用道具 举报

发表于 2009-6-15 10:55:18 | 显示全部楼层
我们都偷笑吧。。。。
回复 支持 反对

使用道具 举报

发表于 2009-6-15 11:50:00 | 显示全部楼层
绿霸使用了签署有CyberSitter名字的DLL,甚至还会向Solid Oak的服务器请求更新。
回复 支持 反对

使用道具 举报

发表于 2009-6-15 11:54:02 | 显示全部楼层
回复 支持 反对

使用道具 举报

发表于 2009-6-15 12:24:24 | 显示全部楼层
驴吧真是笑话不断啊,真正的脑殘都进政府部门了。
回复 支持 反对

使用道具 举报

发表于 2009-6-15 12:32:23 | 显示全部楼层
原帖由 [i]ling3492 于 2009-6-15 12:24 发表
驴吧真是笑话不断啊,真正的脑殘都进政府部门了。

脑袋灵光的能进得了政府部门吗????
回复 支持 反对

使用道具 举报

发表于 2009-6-15 12:39:44 | 显示全部楼层
中国程序员的素质突显出来了。
什么都是可以抄的……
呵呵,这回大祸了
等着看戏
回复 支持 反对

使用道具 举报

发表于 2009-6-15 12:41:55 | 显示全部楼层

回复 9# liuzuq 的帖子

在政府里面工作的人脑子才是好使的哦,如果不是,咋管得了你啊,不过驴巴真的是很牛啊,哈哈哈
回复 支持 反对

使用道具 举报

发表于 2009-6-15 12:51:45 | 显示全部楼层
等着看后续
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|小黑屋|Archiver|手机版|blueidea.com ( 湘ICP备12001430号 )  

GMT+8, 2020-4-8 00:36 , Processed in 0.110071 second(s), 11 queries , Gzip On, Memcache On.

Powered by Discuz! X3.2 Licensed

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表