http://www.cse.umich.edu/~jhalderm/pub/gd/
Analysis of the Green Dam Censorware System

Scott Wolchok, Randy Yao, and J. Alex Halderman
Computer Science and Engineering Division
The University of Michigan

Revision 2.4 – June 11, 2009

Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

The analysis shows that
1.Green Dam was made by a lot of inexperianced programmers with inadequate knowledge of either secure programming or encryption
2.Open source code was abused
3.Link database data steals from a US competitor

Well, here's all its honors
National Development and Reform Commission Approval (NDRC Circular[2004]#2040) as "Major Software Industrialization Project", the only approved filtering software project of its kind nationwide
Ministry of Science and Technology (MOST Circular[2004]#449) Approval for "technological innovation project funding"
” Ministry of Industry and Information Technology (MIIT Circular[2005]#9) Approval for "electronic information industry development project funding"
   Only the China Internet Illegal Information Reporting Center (ciirc.china.cn) has officially recommended Green Dam.
   Awarded first prize at the Ninth Chinese International Software Expo
First prize at the 2005 Zhengzhou Advanced Adaptive Technology Trade Fair
First prize in technological advancement from Zhengzhou City

The group which did the analysis is the one who did the cold boot attack in 2008

"any web site the user visits can exploit these problems to take control of the computer"
> I thought all websites were blocked/filtered in China, so if there is no website, there is no attack;
Another good idea from Chinese government