Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week. The authors, all from the Harbin Institute of Technology, described the study as …

  1. Pascal Monett Silver badge

    In other news

    Five Chinese researchers were arrested yesterday for anti-Communist activities.

    No word has been given on the date of the trial.

    1. Paul Crawford Silver badge

      Re: In other news

      Sadly "shoot the messenger" is a common reaction around the world to problems being reported, not just in countries where they actually will shoot you.

    2. Dostoevsky

      Re: In other news

      Trial? What trial?


    3. aerogems Silver badge

      Re: In other news

      Wonder if the guards at Vatnick Eel's prison know what he's up to on the prison computers based on the downvoting pattern.

      1. Casca Silver badge

        Re: In other news

        looks like his fan boys are here

    4. CowHorseFrog Silver badge

      Re: In other news

      Obviously these researchers are the cause of all these bad things; that's how they know about them, because they planted them there in the first place.

    5. Max Pyat

      Re: In other news

  2. Casca Silver badge

    They probably are not worried about being hacked...

  3. Anonymous Coward

    meanwhile, back home on the farm..

    It was just two years ago that dozens of .gov sites in the US had been hijacked due to a vulnerability in a third party product that they all used.

    Most all of the sites were just pushing Viagra spam, all except one site that was used exclusively by Congress members, which was silently fingerprinting the browsers of visitors and sending the results back to a Yandex server.

    1. CowHorseFrog Silver badge

      Re: meanwhile, back home on the farm..

      What comes around goes around?

  4. fromxyzzy

    Is it easier to break into websites and servers than it is to fully secure them? Or are they just training and allocating all the potentially competent computer security people to espionage instead of security?

  5. Version 1.0 Silver badge

    website security is often bad

    We need to revise all website and internet issues to completely prevent access to everything other than just allowing visitors to view the text.

    Hacking is universal ... the Internet was only designed originally just to provide universal access ... a feature when there were no websites and the Internet was only being designed ... ever since websites first appeared they have only been planned to be accessible ... "safety" was never much of a risk originally but hacking has now become virtually a universal internet feature.

  6. Dostoevsky

    Imagine that...

    Communists aren't great at actually doing things well. All that's required is to look busy, or appear effective!

    1. Anonymous Coward

      Re: Imagine that...

      Just the same as employees of big capitalist companies then.

      1. Dostoevsky

        Re: Imagine that...

        When I think "capitalist," I think of the young couple down the street who started a business together, or the Vietnamese immigrants who wake up at 3 AM to make doughnuts so their children can go to college.

        Apparently you don't notice folks like that...

    2. CowHorseFrog Silver badge

      Re: Imagine that...

      Yes, because we all know those capitalists with their emails, meetings, coffee meetings, PowerPoints and clipart are doing real work.

  7. Effigy

    "found not to have name server (NS) records"

    ... meaning the security researchers were given a spreadsheet with stale data, or with applications available only on private networks. I know because my shop's infosec team flags similar "issues".

    While some findings in this list are concerning, this is generally "dog bites man" given the general state of internet security. Commenters seem eager to extrapolate some dictum about China but I promise you similar results will be found in a sample of 14k websites in any of our home countries.

  8. Grogan Silver badge

    Yeah, why would they care. Who the fuck would want to hack Chinese shit? :-)

  9. scotho


    it's a job interview...

  10. Anonymous Coward

    The Cyberspace Administration of China website

    Had no working HTTPS support until quite recently and part of their role is to ensure cyber security is maintained by telling other people what to do when it comes to that side of things.

    Their website did fit the bill though, it was definitely CAC.

  11. Tron Silver badge

    How about the big one?

    The most serious single point of failure - The Windows update.

  12. Alan Brown Silver badge

    "found worrying lapses that could lead to malicious attacks"

    Well gosh. Attempts to warn Chinese networks about this in the 1990s usually led to them blocking mail from the messengers (China Unicom in particular).

    Surprisingly, they weren't as bad as the Japanese or Koreans for this behaviour.

    The worst offenders were usually US government/military. Thankfully the group involved had backchannels to DISA which "solved the issues" - usually by replacing the people responsible.

  13. aerogems Silver badge

    It's the Winnie-the-Pooh honey trap.

  14. Bebu Silver badge

    The only surprise ...

    was that any of the zones behind the GFW were (DNSSEC) signed.

    Puzzled what use zones without NS records would be. No delegation from parent zone for a start. Internal root servers or OpenNIC arrangement?

    Sounds like the same dog's breakfast as found on this side of the GFW. :)

  15. Anonymous Coward

    Low hanging fruit

    Scapegoats left out for an easy kill.

    Don’t think the Chinese government are that stupid.

  16. CowHorseFrog Silver badge

    Typical Chinese, looks are more important than actual quality.

    Sad to see the West going down the same path with all their fake job titles, fake advertising with its fake claims and image-focused social media crap, aka Glassdoor "review", LinkedIn fake connections.

    1. Will Godfrey Silver badge

      Oh! I thought it was a competition. A race to see which government could achieve the lowest possible degree of security - especially regarding citizens' personal data.

    2. Anonymous Coward

      Bullshit Jobs: A Theory - David Graeber

      Not a new thing...

