Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
On 9/22/14, 11:42 PM, grarpamp wrote:
> Whether clones or worse, there's something very weird going on with these guys.

Here an OSINT notes/analysis on several of that suspicious software:
https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHcusp=sharing

I've been particularly considering also other suspicious software that has been strangely solicited/promoted across many activists community but comes from unknown/anonymous persons.

Please note that such TorProject copycat site seems to be particularly targeting UAE users from Sourceforge's stats:
- TorBrowser (16.170 download with 2nd top-country UAE)
- Browser4Tor (357 download, with 46% from UAE)

That analysis is a bit old, September 2013, but may contain useful info for people digging into that problem.

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
On 14-09-23 12:45 PM, Fabio Pietrosanti (naif) wrote:
> On 9/22/14, 11:42 PM, grarpamp wrote:
>> Whether clones or worse, there's something very weird going on with these guys.
>
> Here an OSINT notes/analysis on several of that suspicious software:
> https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHcusp=sharing
>
> I've been particularly considering also other suspicious software that has been strangely solicited/promoted across many activists community but comes from unknown/anonymous persons.
>
> Please note that such TorProject copycat site seems to be particularly targeting UAE users from Sourceforge's stats:
> - TorBrowser (16.170 download with 2nd top-country UAE)
> - Browser4Tor (357 download, with 46% from UAE)
>
> That analysis is a bit old, September 2013, but may contain useful info for people digging into that problem.

Also TorProject.org and mirrors may be blocked by countries or by netnannies/firewalls, but SourceForge and Cnet download sites typically aren't, even though they often contain malware of late. Thus the uptake on malicious fakes can be high for some of Tor's likely users.

Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
On Tue, Sep 23, 2014 at 12:57 PM, krishna e bera k...@cyblings.on.ca wrote:
> On 14-09-23 12:45 PM, Fabio Pietrosanti (naif) wrote:
>> Here an OSINT notes/analysis on several of that suspicious software:
>> https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHcusp=sharing
>>
>> I've been particularly considering also other suspicious software that has been strangely solicited/promoted across many activists community but comes from unknown/anonymous persons.
>>
>> Please note that such TorProject copycat site seems to be particularly targeting UAE users from Sourceforge's stats:
>> - TorBrowser (16.170 download with 2nd top-country UAE)
>> - Browser4Tor (357 download, with 46% from UAE)
>>
>> That analysis is a bit old, September 2013, but may contain useful info for people digging into that problem.
>
> Also TorProject.org and mirrors may be blocked by countries or by netnannies/firewalls, but SourceForge and Cnet download sites typically aren't, even though they often contain malware of late. Thus the uptake on malicious fakes can be high for some of Tor's likely users.

Randolph tried to spam cpunks with firefloo.sf.net which spawned various posts/threads including some new OSINT and mail exchange with them...

https://cpunks.org/pipermail/cypherpunks/2014-September/date.html
https://cpunks.org/pipermail/cypherpunks/2014-September/005505.html

I've seen some postings/accounts from, or related to, these guys on Cnet, Linkedin, Facebook, Twitter, Wikipedia, etc but haven't yet collated the links as it was easier and just as well to call them out in email and get it indexed that way.

People should feel free to add my intel to the sheet, or to their own work, and to carry any efforts forward. Thanks.

[tor-talk] TPO/TBB clone on SourceForge, use of TPO name
Whether clones or worse, there's something very weird going on with these guys.

http://browser4tor.sourceforge.net/
http://torbrowser.sourceforge.net/

Has anyone dissected this software?
Was this issue ever resolved?

Does anyone know of any other instances and URL's where a TPO project has been seriously abused like this. (I don't mean casual use of the string 'tor' in the name of other projects or simple bundlings of tor. ie: things like torchat and piratebrowser don't count as in this degree).

What's the trac ticket for these, or this sort of thing?

Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
On 09/22/2014 05:42 PM, grarpamp wrote:
> What's the trac ticket for these, or this sort of thing?

https://trac.torproject.org/projects/tor/ticket/11515

Sourceforge/Dice don't care. We even sent them snail mail to no effect.

--
Andrew
pgp 0x6B4D6475
https://www.torproject.org/
+1-781-948-1982

Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
Andrew Lewman wrote:
> On 09/22/2014 05:42 PM, grarpamp wrote:
>> What's the trac ticket for these, or this sort of thing?
>
> https://trac.torproject.org/projects/tor/ticket/11515
>
> Sourceforge/Dice don't care. We even sent them snail mail to no effect.

Seems like the one mentioned in #11515 is gone, either those letters have been actually effective or the maintainer decided to remove the project (which imo is unlikely to be the case).

I say it's worth a shot to submit another complaint for these two forks.

--
Nima
0XC009DB191C92A77B | @nimaaa | mrphs

I disapprove of what you say, but I will defend to the death your right to say it
--Evelyn Beatrice Hall

Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
Nima Fatemi wrote:
> Seems like the one mentioned in #11515 is gone, either those letters have been actually effective or the maintainer decided to remove the project (which imo is unlikely to be the case).
>
> I say it's worth a shot to submit another complaint for these two forks.

I've complained on both of those. After some digging, I *might* have located one of the maintainers (Sergey Varankevich). Reached out and will let you know if I hear anything back.

~Griffin

--
I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. ~Len Sassaman