diff --git a/README.md b/README.md index fecd1d74f..69abdad43 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ - 🚀 [TestFlight preview for iOS](https://testflight.apple.com/join/DWuT2LQu) with the new features 1-2 weeks earlier - **limited to 10,000 users**! - 🖥 Available as a terminal (console) app / CLI on Linux, MacOS, Windows. -**NEW**: v4.0 is released - now local chat database is encrypted with passphrase! See [the release announcement](./blog/20220928-simplex-chat-v4-encrypted-database.md). +**NEW**: Security audit by [Trail of Bits](https://www.trailofbits.com/about), the [new website](https://simplex.chat) and v4.2 released! [See the announcement](./blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) ## Contents @@ -83,7 +83,7 @@ You can use SimpleX with your own servers and still communicate with people usin Recent updates: -[Nov 08, 2022. Security audit by Trail of Bits, the new website and v4.2 released](./blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) +[Nov 08, 2022. Security audit by Trail of Bits, the new website and v4.2 released](./blog/20221108-simplex-chat-v4.2-security-audit-new-website.md) [Sep 28, 2022. v4.0: encrypted local chat database and many other changes](./blog/20220928-simplex-chat-v4-encrypted-database.md) @@ -151,7 +151,6 @@ We plan to add soon: 1. Message queue rotation. Currently the queues created between two users are used until the contact is deleted, providing a long-term pairwise identifiers of the conversation. We are planning to add queue rotation to make these identifiers termporary and rotate based on some schedule TBC (e.g., every X messages, or every X hours/days). 2. Local files encryption. Currently the images and files you send and receive are stored in the app unencrypted, you can delete them via `Settings / Database passphrase & export`. 3. Message "mixing" - adding latency to message delivery, to protect against traffic correlation by message time. -4. Independent implementation audit. ## For developers diff --git a/blog/20221108-simplex-chat-v4.2-security-audit-new-website.md b/blog/20221108-simplex-chat-v4.2-security-audit-new-website.md index 632d8d322..acb6128e7 100644 --- a/blog/20221108-simplex-chat-v4.2-security-audit-new-website.md +++ b/blog/20221108-simplex-chat-v4.2-security-audit-new-website.md @@ -25,7 +25,7 @@ We have a growing number of enthusiasts using SimpleX Chat who can accept the se Overall we have SimpleX Chat in a decent shape, with most reviewed areas other than identified issues being marked as "satisfactory", and authentication and access controls as "strong". -The issues are explained below, and the full security review is available via [this link](https://github.com/trailofbits/publications#security-reviews). +The issues are explained below, and the full security review is available via [this link](https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Chat_Final_Report_11_03_2022.pdf). We are hugely thankful to Trails Of Bits and their engineers for the work they did, helping us identify these issues and strengthen the security of SimpleX Chat. diff --git a/blog/README.md b/blog/README.md index a26a79f70..9596ac066 100644 --- a/blog/README.md +++ b/blog/README.md @@ -1,6 +1,6 @@ # Blog -Nov 8, 2022 [Security audit by Trail of Bits, the new website and v4.2 released](./20221108-simplex-chat-v4.2-security-audit-new-website.html) +Nov 8, 2022 [Security audit by Trail of Bits, the new website and v4.2 released](./20221108-simplex-chat-v4.2-security-audit-new-website.md) _"Have you been audited or should we just ignore you?"_