Delivery-Date: Tue, 23 Sep 2014 12:57:41 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 9B3771E0BF0;
	Tue, 23 Sep 2014 12:57:39 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1373021013;
	Tue, 23 Sep 2014 16:57:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id CA7DE213A6
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 16:57:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 5mhSQwB05OLy for <tor-talk@lists.torproject.org>;
 Tue, 23 Sep 2014 16:57:31 +0000 (UTC)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com
 [IPv6:2607:f8b0:4001:c05::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id A684C20FB0
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 16:57:31 +0000 (UTC)
Received: by mail-ig0-f171.google.com with SMTP id hn15so4955141igb.16
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 09:57:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=cyblings.on.ca; s=google;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type;
 bh=oju+LnrSjeXn8eTftTRVy+8w/xlOj/pzAFnlor/264Y=;
 b=OCtsrjF8dzj/3nchqwY7oVEsY+SpP+fGM296zU7QldVbWJAebE8BZyJVFnzR0j26Ej
 /J1u1t119/5hTcMCoN9tUD4nKN5GQhZ3fHxtPbG91DVVkKnHLVoyTESaFGN9DnCzO0zP
 buY/CGGg4wvU7b2tE5FASmkCAzqFqLas9T0sE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
 :subject:references:in-reply-to:content-type;
 bh=oju+LnrSjeXn8eTftTRVy+8w/xlOj/pzAFnlor/264Y=;
 b=bM/h/xU4alZYE36MGVhKUztGZ7UUW+sXfsYeIRgx0pVNOKnRz4bxJf00G3Cu3XYwvy
 KiGSglKyZpWZaeQS4ub95S5ipzVKcmjjrWF8ZVv/pxyxn8oiuqk1BbKAqOqqnPITsMg5
 5VZLC2RKY2B50QwZqtwPNMyHJMMhQ8n51SejaZ26J4MypXOJCDwnT8ZYcE+pz9LyyTwc
 tSDKL7FRXfCVTwhJhWl4V2VmjRJV6+kEW2Z5Dg8g/OaHzrB6baBa4e81HtwWzP9xXVzY
 FXNUCjULzVISRq6hCfpjkHoLVX0grpBg6zo/R8buvIEJFZQqVUpPoLoxqTqwi0BmpquK
 1+fQ==
X-Gm-Message-State: ALoCoQkz0kohoqzPUwTFJXMw/APUUey8a1a6Mng2CEF02bN5jNJLpOUmMMFfGzDWc1c/S7CdqzcV
X-Received: by 10.50.170.196 with SMTP id ao4mr23831240igc.46.1411491448714;
 Tue, 23 Sep 2014 09:57:28 -0700 (PDT)
Received: from [192.168.1.2] (69-196-152-198.dsl.teksavvy.com.
 [69.196.152.198])
 by mx.google.com with ESMTPSA id a2sm2092876igx.4.2014.09.23.09.57.27
 for <tor-talk@lists.torproject.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 23 Sep 2014 09:57:27 -0700 (PDT)
Message-ID: <5421A66F.70004@cyblings.on.ca>
Date: Tue, 23 Sep 2014 12:57:19 -0400
From: krishna e bera <keb@cyblings.on.ca>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAD2Ti2-v-LZc1dnXiz7tbRRH8k=Zx080wY_UGs7LF_Zh0=DsOQ@mail.gmail.com>
 <5421A3AB.4090100@infosecurity.ch>
In-Reply-To: <5421A3AB.4090100@infosecurity.ch>
Subject: Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7101030263823102836=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7101030263823102836==
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="Snx4H7A3rrFaHP563eUmTkTcS8auc0bGs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Snx4H7A3rrFaHP563eUmTkTcS8auc0bGs
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 14-09-23 12:45 PM, Fabio Pietrosanti (naif) wrote:
> Il 9/22/14, 11:42 PM, grarpamp ha scritto:
>> Whether clones or worse, there's something
>> very weird going on with these guys.
> Here an OSINT notes/analysis on several of that "suspicious" software:
> https://docs.google.com/spreadsheet/ccc?key=3D0AqtQ4kKC2rLzdEVjWkxTcUVT=
TWxmdnh4VWFDY25zTHc&usp=3Dsharing
>=20
> I've been particularly considering also other "suspicious" software tha=
t
> has been "strangely" solicited/promoted across many activists community=

> but comes from unknown/anonymous persons.
>=20
> Please note that such TorProject copycat site seems to be particularly
> targeting UAE users from Sourceforge's stats:
> - TorBrowser (16.170 download with 2nd top-country UAE)
> - Browser4Tor  (357 download, with 46% from UAE)
>=20
> That analysis is a bit old, September 2013, but may contain userful inf=
o
> for people digging into that problem.

Also TorProject.org and mirrors may be blocked by countries or by
netnannies/firewalls, but SourceForge and Cnet download sites typically
arent, even though they often contain malware of late.  Thus the uptake
on malicious fakes can be high for some of Tor's likely users.



--Snx4H7A3rrFaHP563eUmTkTcS8auc0bGs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVCGmdfp3cia4tegJAQKJkAf/YufHUtRZ4Ah4fi1wNscaucGf/3SvyXXr
NsTcZfwTbv8gwLU4oNzb1JzTabL0PdRmKC32hlf2kxXZw7dQg6j3yYuJk/MedS5b
meg3XuBVtPeZD5JPwZOiXCW3jSL8YY10V5w/0UdQhXI89kcFJKmIgs1Z3rNLPC32
Q+YeJve9oQ4JsGBWuYL11HY3Ki2SOA64yFo6MZFDwGOPrnM155AS2Om1JNifZ2Xi
F1n2p8SgJmyCU70RCNRxaQs/Qvlmzjn3/Zz396ezHGrfqc8BX5JAC1ahIy//kGrZ
Mk1WhS1yX7S/Q3HM+2zEVe+yWC6Wnv/7EWUdF58VslqgLZleQtBlBw==
=2HNb
-----END PGP SIGNATURE-----

--Snx4H7A3rrFaHP563eUmTkTcS8auc0bGs--

--===============7101030263823102836==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============7101030263823102836==--

