"Using TURN Servers for Censorship Evasion" petsymposium.org/foci/2025/foci… #foci2025

🚨We discovered Wallbleed, a vulnerability in the Great Firewall of China, allowing anyone leaks its memory. Since 2021, we reverse-engineered its logic, evaluated impact, and monitored patches. Wallbleed reveals censorship devices’ global privacy risks: gfw.report/publications/n…

An attempt to avoid #ECH fingerprinting ietf.org/archive/id/dra…

What can go wrong when a UE tries to attach to a LTE/NB-IoT network? A technical deep dive: "The Miserable State of Modems and Mobile Network Operators" blog.golioth.io/the-miserable-… #3GPP

On May 5, Microsoft’s Skype will shut down for good. “Fu vera gloria?, Ai posteri l'ardua sentenza” arstechnica.com/gadgets/2025/0…

"Advancing Obfuscation Strategies to Counter China’s Great Firewall: A Technical and Policy Perspective" arxiv.org/pdf/2503.02018 #DeepPacketInspection

"A Survey of Internet Censorship and its Measurement: Methodology, Trends, and Challenges" arxiv.org/pdf/2502.14945 #DeepPacketInspection

The #nDPI plugin code has now been merged with #Suricata github.com/OISF/suricata/…

China advanced its QUIC censorship. The GFW now decrypts QUIC Initial packets and extracts the hostname from the SNI extension—similar to its censorship of TLS over TCP. My colleague details our findings in our new blog post: upb-syssec.github.io/blog/2025/quic…

Compiler Options Hardening Guide for C and C++ best.openssf.org/Compiler-Harde…

"This document specifies methods for the encryption and obfuscation of IP addresses for both operational use and privacy preservation. The objective is [...] to share or analyze data while protecting sensitive address information, [...] in the face of pervasive surveillance.

Introducing #nDPI 4.14: Added QoE (Quality of Experience) and New Protocols, Several Fixes ntop.org/ndpi/introduci…

🚨 Our S&P’25 paper reveals rising regional censorship in China. In addition to the national Great Firewall, Henan province runs its own firewall. Though less sophisticated, it’s more volatile and aggressive—once blocking 10× more domains than the GFW. 👉 gfw.report/publications/s…

PacketFest 2025 was an absolute blast! ntop.org/ntop/packetfes…

Pretty wild security fail in a big operator's IMS - @o2 and @mavenir allowing their debug SIP headers through the P-CSCF to the UE, exposing the cell ID, IMSI and IMEI of the B party...

Notes on Packet Classification cover theoretical and practical implementation approaches. I find this area mildly boring, but it's a hard problem space with an N-dimensional headache. dipsingh.github.io/HighSpeed-Pack…

Chinese-Owned VPNs schneier.com/blog/archives/…

Bootstrapping HTTP/1.1, HTTP/2, and HTTP/3 netmeister.org/blog/http-123.…

The Ultimate Guide to nDPI youtube.com/watch?v=NndEp7…