Chinese province issues swipe IDs to Internet cafe users
Posted by Daniel Fleshbourne on 05 November 2002 - 13:01 · 3 comments & 313 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
What's up next??? The telescreen? 
Each time someone visits a cybercafe in Jiangxi their card is swiped enabling authorities to see who is online and what sites they're accessing. AP reports that this enables police to block access to certain sites, or even prevent individual users from using the Net. According to official sources the new system was introduced last month to identify criminals operating online and to prevent crimes.
Critic claim this yet further evidence of the hard-line approach taken by the Chinese authorities and its continued nervousness surrounding unfettered access to the Net in China. China is very strict on people using the Net to "conduct illegal activities" such as peeking at porno and other subversive material. According to the report more than 200,000 cards have been issued so far in Jiangxi.
Last month China launched yet another crackdown on Internet cafes banning children under the age of 16 from using them. The new regulations were introduced following a fire at a Beijing Internet café in which 24 people died and 13 were injured. The new regulations mean that as well as banning minors, it will be illegal to set up a cyber cafe within a stone's throw of a school.
It will also be illegal to operate a cyber cafe before 8.00am in the morning and after midnight
In most situations, the attacker would already need to be on a computer connected to the network to execute an attack. However, if the router has a 'remote management' feature enabled, a malicious hacker could execute an attack from anywhere on the Internet by entering the IP (Internet Protocol) address of the router along with the name of the script into his or her Web browser.
"An attacker could just scan a (network) subnet for IP addresses belonging to Linksys routers. Once they identified the targeted routers, they could bring them down just using their Web browser," said Sunil James, a senior security engineer at iDefense, which is in Chantilly, Virginia.
The vulnerability affects BEFSR41 routers using a version of the router firmware earlier than version 1.42.7.
Other Linksys models including the BEFSR11 and BEFSRU31 routers may also be affected by the vulnerability, according to James. Those models use the same embedded Web server and firmware software as the BEFSR41, James said.
IDefense has not tested the vulnerability on the BEFSR11 or BEFSRU31 router hardware, James said. Aside from losing Internet connectivity, however, James said that iDefense does not believe the vulnerability would allow attackers to place or execute malicious code on an affected network. Following an attack, users would need to reset the router by pressing a reset button on the back of the device to restore it, according to iDefense.
To guard against this vulnerability, iDefense recommends upgrading the router firmware to version 1.42.7 or later (http://www.linksys.com/download/firmware.asp). That and subsequent firmware versions appear to eliminate the vulnerability, though Linksys makes no mention of the vulnerability in the release notes that accompany the updated firmware, according to James.
Users are also asked to verify that the router's remote management feature is not enabled.
Denial of service (DOS) attacks are usually associated with coordinated efforts by one or more hackers against high-visibility corporate Web sites such as eBay Inc. and Microsoft Corp. However, the growing popularity of broadband Internet connections in the U.S., Europe, and Asia have made small office and home-based computer networks -- and attacks that target those networks -- common.
A study in 2001 by researchers from the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center found that a significant percentage of more than 12,000 DOS attacks the group studied were against home users with broadband Internet connections. Researchers theorized that personal vendettas may have been the motivation for many of those attacks.