-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
> Is there anyway to somehow automate the process? (The developer in > me coming out) > Absolutely. > I ask because this seems like something that you will be doing > perpetually. Something like an algorithm that can compare > percentage match of heuristics of a database of previous sites > marked as fake against all new ones and then giving a trust score? > > First way I did this was pretty simple: I compared my real ahmia (msydqstlz2kzerdg.onion) to the fake one. I scanned them and detected the difference. The fake ahmia changes URLs to point to fake services. Now I have several clever methods to detect fake websites. > I'd be happy to help write something in Python to do this & put on > github, assuming I can get a decent sets of sample data to test > against. > Thanks! Be free to do that. I can help :) Share your code and ideas. > Or would putting it out there publically allow those creating the > fake sites to up their game and change their tactics. Seems like > this will always be a cat & mouse game. > Yes, that's why I am not describing all of my methods publicly. Please note that the attacker is probably reading this mailing list. - -Juha -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWtL73AAoJELGTs54GL8vAx7UIALErU1Id4xmoZXXJ5oT241/1 xrW7cd7cmbBuk9lLJmNpAXacyCQsFLNb4Nct4maUFvrb/cNbU96vOfVD7IIKgIEY 6LgMnkvxhC2ymrcgboh1bMIauRojkLuDDxOka8qPDDjjyd0S1RP1v3F/GIq9yEpM JNUzil9O1zokKiLx7h/CmZ4nIB/1xEzq9Q6VdeQuS+StnSK6QsfYlkzv9w31uZEX Kd1wJnCnnp3nm6i+yqQiW8wVwg6fC28JfuTi2YDXrhAkDgXRgxZNKHKDe2a3TnIe QSkZeO/ZbHvKFdiriRGCoBLLiIxYSI64nWb2a1YxMRTVAo17dmkVS3QquCqES8w= =QxNL -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
