A Chinese computer expert called for more checking of network security protocols designed by foreign countries, in the wake of a recent Chinese policy to start security vetting IT products.

In a signed article published on www.china.com, Cao Jun, vice chairman of China Computer Industry Association and head of a wireless security lab, said that security of network protocols is more important than that of IT products.

Cao contends that almost all the basic network security technologies currently used by China are designed or invented by the United States government and its corporations, such as the technology to secure network connections and data transmission as well as online banking signature verification technology.

Some of the protocols and technologies, said Cao, have been found lately to contain loopholes, as seen in the recently exposed OpenSSL security bug "Heartbleed" and IPSec loophole which is exploited by the U.S. National Security Agency to conduct massive surveillance activities.

The article also said that some of the loopholes are "embeded with on purpose," leaving Chinese government agencies, enterprises and common Internet users vulnerable to attacks in an "unimaginabel scale."

"Computers, servers and Internet equipment are just like 'bread', while network security protocols and chip architechture are like 'wheat seeds', from which wheat are grown from and ultimately get processed into bread," said the article.

Sometimes, "poisonous seeds" pose a far larger threat than "poisonous bread" in that they permeates wider and can hide deeper, said Cao. Endi

Go to Forum >>0 Comment(s)