作战2000论坛 (Combat 2000 Forum)

Title: Looks like "Green Dam" has made a huge fool of itself, shocking the American Empire

Author: cloudy    Time: 2009-6-14 00:16
Saw this on the MACFANS forum.

China's Filtering Software Contains Pirated Code

Does 'Green Dam' steal code from CyberSitter? And what are PC OEMs to do?

The "Green Dam" filtering software that the Chinese government is reportedly requiring for all PCs sold there contains pirated code, a U.S. software manufacturer claimed Friday.

Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.

Green Dam is a piece of filtering software that will reportedly be required for all PCs sold inside China. The software is already available in China, although the restrictions go into place on July 1, according to The New York Times.

According to a study by the University of Michigan, the Green Dam software works to identify images, text, and URLs and compares them to a filter, which blocks the offending work. The researchers took the publicly available software and reverse-engineered it, using standard methods. Inside, the study's author, assistant professor of electrical engineering J. Alex Halderman, found evidence that the software uses blacklists compiled by CyberSitter, dating back to 2006. An encrypted news bulletin, which dates back to 2004, was also accidentally included, Halderman wrote.

"We've been talking with them since the report came out yesterday," Halderman said in an interview.

To Halderman, the Green Dam software presents two fundamental problems: one, that the software contains vulnerabilities that would allow others to spy on the activities of those who use it; and second, that it might contain code stolen from another manufacturer. The Chinese developer of the Green Dam software appears to have accidentally created the vulnerabilities, Halderman said, rather than being a deliberate attempt to allow government agencies to monitor its citizens online.

"If we apply reasoning to this, we would conclude that the government wants a backdoor it could access, and others could not," Halderman said.

Version 3.17 of the Green Dam software appears to contain both the references to the blacklists as well as the allegedly stolen code. But the software is also being frequently updated, and the most recent patch, applied Thursday, appears to eliminate many of the blacklist references to Solid Oak, Halderman said.

"I think the bottom line is that the Chinese government is trying to roll out the software without doing their due diligence," Halderman said. "Clearly, there needs to be more time to evaluate the software both in terms of legality and in terms of security before it is rolled out on a widespread basis."

That was small consolation to Solid Oak's Milburn, who said that he had received an anonymous email sent to a broadcast address at the site Friday morning alerting the company that Green Dam was using Solid Oak code. He dismissed it, thinking it was a hoax. But another employee researched it and found that the allegation was indeed true, and that both URLs and other Solid Oak code, including DLL files, were part of Green Dam. After doing a bit of research he found the U. of Michigan paper and contacted Halderman.

"From the stuff they've posted, I'm 100 percent certain they're using our proprietary code," Milburn said, who said he wasn't certain how much of the code was reverse-engineered or simply stolen.

"We're still trying to do the detective work here," Milburn said.

At press time, Solid Oak had determined that the filtering engine or parts of it on lower level had been decompiled, using certain proprietary methods. Solid Oak doesn't ship a Chinese-language version of CyberSitter. But, Milburn said, "the words a user sees on the screen are almost identical to ours."

According to Milburn, the company spent Friday trying to determine what its options were, and what avenues it could pursue to try and prevent its code from being misused.

According to The New York Times, PC OEMs were blindsided by the Green Dam requirement, and have tried to figure out how they could add the software to their production lines just six weeks before the mandate was scheduled to take place. Dell, Hewlett-Packard, and other OEMs would be required to add the software to their PC distributions.

But would they if it contributed to software piracy? "To my mind, [shipping Green Dam] would make the PC manufacturers an accessory after the fact to software piracy," Milburn said. "I would think that the PC manufacturers wouldn't want to do that if I were in their position."

"We haven't had any opportunity to explore our options," Milburn said. "At the very minimum, I believe we would pursue some sort of injunction."

Theoretically, this could place PC OEMs wishing to do business in China with a nearly impossible choice: face the threat of an injunction or suits within the United States, risk angering the Chinese government by removing the Green Dam software, or halt PC sales into China altogether. Representatives at Hewlett-Packard and Dell were unable to be reached for comment by press time.

This isn't the first time Solid Oak's code has been stolen, Milburn said. In the late 1990s, hackers reverse-engineered CyberSitter, which prevents underage children from accessing pornography or other adult content, to allow users to access such content.

The hackers, as well as other detractors, have previously accused Solid Oak and CyberSitter of censoring the Internet. "That's why we don't want to be associated with it," Milburn said of Green Dam.

Moreover, potentially millions of Chinese PC users could hit Solid Oak's servers for updates, causing them huge fees for the additional bandwidth costs the company would be charged for.

One obvious solution to the problem would be to block access to China, a move that would also cut off a number of American schools in China, including missionary schools, that use the software as a legitimate means of preventing children from accessing the adult content. Some organizations with satellite offices in Singapore, Korea, or other South Asian countries might also be affected.

"They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.

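Original article: http://www.pcmag.com/article2/0,2817,2348705,00.asp

The Ministry of Industry and Information Technology recently issued a notice requiring that newly sold computers in China come pre-installed with a "green" web-filtering program called "Green Dam Youth Escort". However, a number of netizens have pointed out that the software plagiarizes and misappropriates a foreign open-source technology called OpenCV, and is not the product with "independent intellectual property rights" it is said to be.
A 21CN reporter found an analysis report on Green Dam on the official website of the University of Michigan in the United States. The report states that Green Dam uses OpenCV's Haar classifier for face detection. The files Green Dam mainly uses for filtering objectionable images, cximage.dll, CImage.dll, xcore.dll and Xcv.dll, come from OpenCV, yet Green Dam does not include OpenCV's BSD license. Industry insiders say that this means Green Dam already constitutes infringement. Some have likened Green Dam's developers to someone plagiarizing a paper: the content is copied wholesale, but signed with their own name.
On the website of Zhengzhou Jinhui, the company that developed Green Dam, the 21CN reporter found this description: "The 'Jinhui Anti-Pornography Expert System' has become China's only information-security filtering product with image-recognition technology and independent intellectual property rights, opening a new ** for the independent development of China's network information security industry." The reporter then searched the website of China's State Intellectual Property Office and found three patents belonging to Jinhui for filtering and blocking objectionable image information: 200510048576.6, 200510048577.0 and 200510048578.5.
The 21CN reporter wrote to the head of the OpenCV project in China about this. He said that, according to his examination, Green Dam's core recognition file "XFImage.xml" comes entirely from OpenCV's "haarcascade_frontalface_alt2.xml"; Green Dam merely deleted the copyright information from the source file, and the content is identical to the file OpenCV provides.
The 21CN reporter also learned online that several major communities and websites have raised doubts, to varying degrees, about the security and stability of the Green Dam software. The University of Michigan report mentioned above also says that three researchers, Scott Wolchok, Randy Yao and J. Alex Halderman, found multiple serious security flaws in Green Dam, including a remotely exploitable stack overflow vulnerability; in other words, installing Green Dam amounts to opening a backdoor for hackers. An expert at a well-known Chinese antivirus company also said after studying it that "Green Dam Youth Escort" does contain a vulnerability that lets hackers take control, and recommended that the Green Dam developers release a patch as soon as possible. Until the patch is out, users can suspend Green Dam's filtering function.
According to reports on several websites, more than 50 million computers already have Green Dam installed. However, searching online, the reporter found many users saying that after installing Green Dam their browsers crash easily and their systems freeze for no apparent reason.
The 21CN reporter will continue to follow further developments.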
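
The finding reported above (a shipped XML file whose content matches an upstream file once the copyright notice is removed) can be checked mechanically by comparing canonicalized content rather than raw bytes. This is an added example, not part of the original post or of the Michigan report; the XML snippets are constructed stand-ins, not the real XFImage.xml or haarcascade_frontalface_alt2.xml, and the function names are hypothetical.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for an upstream file that carries a license header.
UPSTREAM = """<?xml version="1.0"?>
<!-- Constructed notice: redistributions must retain this copyright notice. -->
<opencv_storage>
  <cascade type_id="opencv-haar-classifier">
    <size>20 20</size>
    <stages>
      <_><stage_threshold>0.3506</stage_threshold></_>
    </stages>
  </cascade>
</opencv_storage>
"""

# Constructed stand-in for a shipped copy: notice removed, whitespace reflowed.
SHIPPED = """<?xml version="1.0"?>
<opencv_storage><cascade type_id="opencv-haar-classifier">
<size>20 20</size><stages><_><stage_threshold>0.3506</stage_threshold></_></stages>
</cascade></opencv_storage>
"""

# Constructed control: same layout as SHIPPED, but one trained value differs.
RETRAINED = SHIPPED.replace("0.3506", "0.4100")

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def content_digest(xml_text):
    # C14N drops comments and the XML declaration and normalizes attributes;
    # strip_text=True also discards layout-only whitespace.
    return sha256(ET.canonicalize(xml_data=xml_text, strip_text=True))

def notices(xml_text):
    # XML comments are where license and copyright headers live.
    return [c.strip() for c in re.findall(r"<!--(.*?)-->", xml_text, re.S)]

def compare(upstream, candidate):
    kept = set(notices(candidate))
    return {
        "byte_identical": sha256(upstream) == sha256(candidate),
        "same_content": content_digest(upstream) == content_digest(candidate),
        "notices_removed": [n for n in notices(upstream) if n not in kept],
    }

print(compare(UPSTREAM, SHIPPED))
```

A result with `same_content` true and a non-empty `notices_removed` is the pattern described in the article; a plain file hash alone would report the two files as unrelated.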

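Author: 穿短裤的暴徒    Time: 2009-6-14 00:23
Many users say that after installing Green Dam their browsers crash easily and their systems freeze for no apparent reason.

That is exactly the intended effect. Once the system is wrecked and you can't get online, of course you can't come into contact with harmful information.

Brilliant, truly brilliant. That's curing the disease at the root.
Author: Uther中士    Time: 2009-6-14 00:24
==============================
This user's post has been violated by the Green Dam software
==============================
Author: superman911    Time: 2009-6-14 00:25
Nothing surprising anymore. If this thing managed to get itself mandated for universal pre-installation, it obviously has something formidable about it: not the software, but the people.....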
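Author: mayoasis    Time: 2009-6-14 00:27
This post was last edited by mayoasis on 2009-6-14 01:50

The people at the top always want to use their own IQ to entertain the whole world.
Author: cloud    Time: 2009-6-14 00:29
China these days just loves using this kind of fake high-tech to stun the whole world…………
Author: asde90hk    Time: 2009-6-14 00:30
What you all don't know is that Green Dam's database is practically a shortcut for turning kids into adults.
Author: rotoruaboy    Time: 2009-6-14 00:51
No need to take it to heart, everyone. This is typical Chinese-style humor; there are a few episodes like this every year.
Author: ksc    Time: 2009-6-14 01:04
Just go back to carrier pigeons and sending portraits to convey your feelings. Abolish all electronic communication systems. Why the hell send email, why the hell make phone calls, why the hell go online; everybody pick up pen and paper and write it yourself.
Author: Rick2    Time: 2009-6-14 09:33
There is word online that Jinhui has a PLA background.
Author: eyehategod    Time: 2009-6-14 10:32
My personal take: we must not underestimate the harm this does to individual citizens and to the group as a whole just because this particular Green Dam software is incompetent and the government officials carrying it out are incompetent. From print media being castrated and developing the fine habit of self-castration, to internet portals going from long-term castration to self-castration, from the keyword-blocking system gradually growing until it covers almost half the Xinhua Dictionary, to the GFW successfully turning the Chinese internet into one giant LAN, and now Green Dam, which can be said to be gradually completing the client side of the GFW: step by step, this is boiling the frog in warm water. Others are moving forward while we slide back into a closed-door policy. As for the harm to the Chinese nation, just look at North Korea.
Author: scar    Time: 2009-6-14 10:35
Notice: the author has been banned or deleted; content automatically hidden
Author: 穿短裤的暴徒    Time: 2009-6-14 11:47
Compared with the North Koreans we are still pretty lucky. Going online over there costs 25 US dollars a minute.
Author: 金属外壳    Time: 2009-6-14 12:14
Green Dam is really the beta version of Skynet.
Author: 切特务    Time: 2009-6-14 14:14
To be honest: writing letters with a brush works much better for picking up girls than email or text messages. Not only do you get results faster, the class of girl you land is higher too. The virgins on this board can give it a try. But whatever you do, don't try to fake it with Word's Chinese regular-script, wild-cursive or clerical-script fonts.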
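Author: sig    Time: 2009-6-14 14:24
To be honest: writing letters with a brush works much better for picking up girls than email or text messages. Not only do you get results faster, the class of girl you land is higher too. The virgins on this board can give it a try. But whatever you do, don't try to fake it with Word's Chinese regular-script, wild-cursive or clerical-script fonts.
切特务 posted on 14-6-2009 14:14

I haven't practiced brush calligraphy in years... looks like I need to pick it up again...
Author: gcalrk    Time: 2009-6-14 14:33
Looks like I'm about to get fired from my IT job. Does anyone here have work for me? I'm facing unemployment.
Author: leehao    Time: 2009-6-14 16:58
Thought control··· public opinion control... a new height, a new height!!!
Author: jason-lee    Time: 2009-6-14 17:11
Brother Zhou's famous saying: the ignorant are not necessarily leaders, but leaders are necessarily ignorant.....
Author: fisher    Time: 2009-6-14 21:49
A new height indeed. Next they might as well go back to "not an inch of plank allowed out to sea".
Author: noxss    Time: 2009-6-14 22:09
I've been thinking: could Green Dam be decompiled, to understand its analysis mechanism and then do the opposite, combining it with a web-spider search tool to turn it into an automatic video-source sniffer...
Author: cloudy    Time: 2009-6-14 22:14
Great idea from the poster above. If it works, what a lewd piece of software that would be. Dreaming of it endlessly.....
Author: sig    Time: 2009-6-14 22:45
The poster two above has a point! Can someone give me a Green Dam download? I'll have free time next month, and I'll take a look then!
Author: sunssj    Time: 2009-6-14 23:37
Stupid Green Dam. At this rate you can't keep anything on your machine anymore. How are people supposed to live!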
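Author: foxheat    Time: 2009-6-15 08:34
I've been thinking: could Green Dam be decompiled, to understand its analysis mechanism and then do the opposite, combining it with a web-spider search tool to turn it into an automatic video-source sniffer...
noxss posted on 2009-6-14 22:09

Maybe it is precisely a trap to round up everyone with this kind of idea in one sweep. How could country bumpkins like us guess the leaders' real intentions?

Long live the Celestial Empire! Long live the bumpkin leaders!
Author: dboy    Time: 2009-6-15 09:38
Great idea from the poster above. If it works, what a lewd piece of software that would be. Dreaming of it endlessly.....
cloudy posted on 2009-6-14 22:14

People who have tried it say even MOP is blocked, so you can imagine how much padding there is in that list.
Author: jam    Time: 2009-6-15 09:56
Touch it and you die, bump it and you're finished...

After installing Green Dam, you can't even watch the Olympic diving events...
Author: rotoruaboy    Time: 2009-6-15 10:02
Touch it and you die, bump it and you're finished...

After installing Green Dam, you can't even watch the Olympic diving events...
jam posted on 2009-6-15 01:56
Educational films on pig farming and cooking shows on making white-cut chicken probably can't be watched either.
Author: jam    Time: 2009-6-15 10:21
None of those Olay ads can run online anymore either.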
Author: 黑色柳丁    Time: 2009-6-15 11:57
Stealing other people's open-source technology like this effectively cuts the development cycle and the software cost, so speech control can start sooner. What a great method: it also maximizes profit, and the leftover money can keep certain people in spending cash for a while··········
Author: 永远的孤独    Time: 2009-6-15 12:29
Isn't it just waving this kind of banner to rake in some money to spend~~ used to it~
Author: gfnuiyyqq    Time: 2009-6-16 19:22
==============================
This user's post has been violated by the Green Dam software
==============================
Uther中士 posted on 2009-6-14 00:24

Your signature shows that you have watched that video too... a classic video

Welcome to 作战2000论坛 (http://www.combat2000.cn/) Powered by Discuz! X3.2