Chinese Web Filtering Plans Come Under Attack

The Chinese government has ordered the makers of the Green Day Youth Escort Web filtering program to fix any software vulnerabilities. The Chinese government's plan to mandate that all PCs sold in the country include the software has come under fire from critics accusing the software's designers of stealing code from a U.S.-based vendor. Other critics have raised concerns about censorship.

A Chinese company behind an Internet filtering program backed by the Chinese government is fighting back against critics as it looks to address reported software vulnerabilities.

The company, Jinhui Computer System Engineering, has been accused of using pirated technology from U.S.-based Solid Oak Software in its Green Dam Youth Escort program. In a report released last week, researchers from the University of Michigan accused the Chinese vendor of using blacklists from Solid Oak Software's product. The report also outlines a number of security vulnerabilities.

The criticism comes after China ordered copies of the program be distributed with all PCs sold in the country starting in July. According to reports, China's Ministry of Industry and Information Technology has ordered the company to fix any security issues in the software as soon as possible.

Bryan Zhang, general manager of the company that designed Green Dam, conceded in an interview with the China Daily that hackers could exploit flaws in the software. He denied, however, stealing any programming code from Solid Oak Software's CyberSitter product.

The University of Michigan report though alleges there is evidence several blacklists were taken from CyberSitter. In particular, the researchers found an encrypted configuration file, wfileu.dat, which references blacklists with download URLs at CyberSitter's site.

"We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006," the researchers wrote. "Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter. We conjecture that this file was accidentally included because it has the same file extension as the filters."

Officials at Solid Oak Software told the Wall Street Journal they are seeking an injunction to prevent U.S. companies from shipping PCs with the Chinese software.

Meanwhile, there has been an outcry over censorship, as reports have come out that while Chinese officials have said Green Dam is only meant to filter pornographic and violent images, it also reportedly blocks sites that mention subjects such as the spiritual group Falun Gong and the brutal crackdown on protesters in Tiananmen Square in 1989.

Criticizing the University of Michigan report, Zhang threatened that the company may take legal action against the report's authors.

"It is not responsible to crack somebody's software and publish the details, which are commercial secrets," he told the China Daily. "I think the negative comments and attacks on Green Dam are intentional."