Security News

Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords. The playbooks [PDF], which are documents that serve as info guides for Olympics-goers, instruct international visitors to download the app and use it to monitor health for 14 days prior to their departure for China.

Russia has stepped up its censorship efforts in the country by fully banning access to the Tor web anonymity service, coinciding with the ban of six virtual private network operators, as the government continues to control the internet and crackdown on attempts to circumvent locally imposed web restrictions. Russia accounts for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router, enables users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and protect their identities from the internet service providers and the websites they visit.

The Tor Project's main website, torproject.org, is actively blocked by Russia's largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project. Tor is a software project that allows users to automatically encrypt and reroute their web requests through a network of Tor nodes for anonymous browsing.

Researchers are warning internet censorship systems are ripe for abuse by a new type of distributed denial of service attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be "Extremely detrimental to any network" if carried out.

Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.

The Tor Project has released Tor Browser 10.5 with V2 onion URL deprecation warnings, a redesigned Tor connection experience, and an improved anti-censorship feature. Last year, the Tor Project announced that they were deprecating the use of V2 onion URLs in favor of the newer V3 URLs to provide more robust cryptography, longer URLs to prevent brute-forcing of hidden sites, and cleaner code.

The latest Notepad++ release has removed support for Bing search from the app after the "Tank man" fiasco Microsoft had to deal with on Friday afternoon. "Microsoft Bing is removed from Notepad++ settings for Search on Internet command, due to its poor reliability," the Notepad++ v8 announcement reads.

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.

Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform's source code, and reported that TikTok meets reasonable standards of security and privacy.

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. Windows 11's October 2021 release date hinted in support docs.