China's Green Dam, No Longer Compulsory, May Have Lifted Code 116
LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.
Given the situation (Score:4, Insightful)
If china PCs had been hammering my servers for updates to their plagiarized software, I'd have called the CIA to see what to slip in next update. Much more fun but oh so less publicity :/
Obvious DLL update... (Score:3, Insightful)
Now if they can just figure out a way to get those DLLs to display "The Chinese Government is Oppressing you. Remember the valiant souls who gave their lives trying to earn your freedom at Tienanmen Square!" on all the computer screens in China...
Re:Sounds like Cybersitter contributed (Score:5, Insightful)
We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
I think the most likely scenario is that someone walked out of Cybersitter, Inc. with a thumb drive full of code. I guess you could call that (2), but I think it's more likely that a contractor (or even offshore development team) pinched the code via copy than a team of black hats in Hunan broke into Cybersitter's servers.
By the way, you might find google's toolbar, which spellchecks, helpful before you compromize and plagurize more posts ;-)
What a waste (Score:5, Insightful)
Re:Sounds like Cybersitter contributed (Score:2, Insightful)
It looks more that they took the dll's from a commercial version of Cybersitter and did some limited reverse engineering to get hands on some function calls. I guess they want to save the effort for keeping a pron blacklist up-to-date.
It's not so hard and rather dumb than using devilish haxzor skillz to fully reverse engineer Cybersitter.
ChiCom Intelligence strikes again (Score:3, Insightful)
Reminds me of when the KGB used to spend a huge chunk of their resources stealing American technology, then slavishly copying it to the tiniest detail, right down to the manufacturers' logos on the dies.
There's something about Communism that eats home-grown innovation alive. . . .
Re:What a waste (Score:2, Insightful)
Re:Sounds like Cybersitter contributed (Score:1, Insightful)
We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
4) Cybersitter developed their code using outsourced labor... that had been outsourced to Shanghai
5) Cybersitted didn't outsource their code, but some of the programmers they hired decided it was easier to hire somebody in Chengdu, so they could just go surfing all day while the person they hired did all the actual work
Fantastic!!! (Score:3, Insightful)
Re:None of this should be surprising (Score:3, Insightful)
They are on a war footing, apparently we keep fooling ourselves into thinking everyone wants to play nice.
We also fool ourselves that they need us. Well news for those reading, They don't.
There is a reason they laughted at Geithner [businessinsider.com]
Re:I'm a Chinese and even I'm gobsmacked (Score:3, Insightful)
I don't think the Chinese government cares at all about "checks and balances".. The whole Chinese culture is about getting the cheapest product possible.
Remember the flash games for the Olympics website that were re-skinned ripoffs?
Remember the babies that died from the milk that had a whitening substance in it so they could water it down?
This is the countrie that sells fake eggs. It's like a sausage.. This is the country that sells cardboard with fat and food coloring as hotdogs.
For a 'communist' nation they're pretty hardcore capitalistic.
The most likely scenario... (Score:4, Insightful)
CCP member and government official "Mister Wang" finds out about a party directive to more directly control internet surfing in one of the "secret" directives often issued by the government to the MII. So he calls his nephew, "Mister Lee," and tells him that if he has a software package that can meet the following requirements (secret list supplied), he will fast track approval for the software and split the revenue (silently, of course...through a foreign bank account). Because after some initial "trial period" the computer companies will be forced to purchase this software. Instant revenue stream. ka-ching (which means "fucking pay me, you laowai clod" in Mandarin)
Unfortunately, Mister Lee has no such software. So he hires some Chinese black hats to grab the code from something resembling the requirements from a foreign company. The foreign company will have zero recourse since Mister Wang is "connected" and the Chinese government tends to wink at this behavior anyway. Since Mister Wang is steamrolling the software through the government's maze of approvals, nobody even bothers to QC the code prior to mandating its use.
With the exception of the surnames, I'm reasonably sure that's EXACTLY how this clusterfuck was perpetrated.
All your code are belong to us. Set us up the firewall....
Since copyright is a government grant (Score:1, Insightful)
how can this be called stolen code?
The originators still have it.
And oddly nobody on slashdot is yet pointing this out (unlike what would have happened if a USian were accused of stealing Photoshop, for example.
Is this because it's China doing it?