SANS ISC: Green Dam SANS ISC InfoSec Forums

Green Dam

China has mandated that software capable of blocking certain sites and content be installed on all new computers. While this is certainly very interesting from a sociological and political point of view, the security implications are significant: millions of computers must run this particular piece of software. Even more significant is that the software appears to be buggy. User experiences indicate that it does not work very well and makes the computer sluggish. Analysis of the code has identified a number of vulnerabilities, at least one of which is exploitable. More than one remotely exploitable buffer overflow has been reported, with exploit code that is delivered via IIS or potentially any web site. The exploit takes advantage of the Green Dam software as it interacts with Internet Explorer or other browsers. Think of the damage that can be done with a botnet or botnets with somewhere around 50 million systems! Another possible impact is the potential for other parties to monitor Internet activity, control, steal information, or otherwise interrupt the majority of computers in a single country.

The analysis by Scott Wolchok, Randy Yao, and J. Alex Halderman of the University of Michigan is available here. The exploit code certainly is not difficult to find.

Adrien de Beaupré Inc.

Adrien de Beaupre

ISC Handler
Jun 12th 2009
