- Jun 11, 2014
- 149
Don’t Be Fodder for China’s ‘Great Cannon’
- Thread starter Blackhawk
- Start date
- Status
- Jun 9, 2013
- 6,720
So stay away from Baidu products page for a while i reckon. 
Thanks for this.
Thanks for this. 
- Jul 28, 2014
- 1,990
Been hearing a lot on this and what bugs me the most is that Baidu is not doing anything to stop it. I understand that Baidu is based in China, but seriously they have a duty to their users to do something about it. What's worst is that they are also a security company, this won't do well with their users.
- Mar 15, 2011
- 13,070
As usual, some products are really questionnable that based in China, since news expose those tactics not just on computers but mobile too.
So its a discretion from them on how they declare the functionality, even though malicious or not therefore be vigilant.
So its a discretion from them on how they declare the functionality, even though malicious or not therefore be vigilant.
- Oct 15, 2013
- 501
That's all well and good. But in a country where everything is controlled by the government, from personal to corporate, what do you suggest that Baidu do?
Last edited:
- Jul 28, 2014
- 1,990
That's a good point, I think there are a lot of things that are currently still unknown to us like is Baidu cooperating with the government for these attacks or were they just blind sighted. From the comment given by Baidu when this all started it suggests that Baidu had nothing to do with it and did not know what was going on. This probably means that the government did not inform them that this was happening, what Baidu can do is modify their code to prevent this from happening. As the article said, only HTTP traffic was being modified, so what they can do is implement HTTPS to all their sites, which would probably solve this issue.
Of course this would be only possible if the government wasn't in full control of the company. I understand Baidu is in some kind of limbo between the government and the users.
- Oct 15, 2013
- 501
You missed the point. Even if Baidu, or any other Chinese company operating out of China for that matter, wanted to act in their clients' best interests, no person, or entity, is in a position to override the authority of the central government without facing a swift and punitive backlash.
- Jul 14, 2014
- 174
Hi all,
There is something you all should be aware of,and that is,many Android apps of Chinese origin use Baidu analytics,and connect to Baidu. That means those http connections are vulnerable to interception,and redirected with potentially malicious content. I would think browser's,security apps,and file managers would top the list for vulnerable apps. I can confirm that ES File Explorer does just that. That said,it is not the apps that are necessarily dangerous,but just the traffic sent to and from China. This is a very dangerous ability they have to be able to sent exploits at will,by targeting any IP address.
Here is the link to the research paper done by Citizen Lab.
https://citizenlab.org/2015/04/chinas-great-cannon/
Read the whole report,very informative.
There is something you all should be aware of,and that is,many Android apps of Chinese origin use Baidu analytics,and connect to Baidu. That means those http connections are vulnerable to interception,and redirected with potentially malicious content. I would think browser's,security apps,and file managers would top the list for vulnerable apps. I can confirm that ES File Explorer does just that. That said,it is not the apps that are necessarily dangerous,but just the traffic sent to and from China. This is a very dangerous ability they have to be able to sent exploits at will,by targeting any IP address.
Here is the link to the research paper done by Citizen Lab.
https://citizenlab.org/2015/04/chinas-great-cannon/
Read the whole report,very informative.
- Status
Similar threads
