In-Reply-To: <5421A66F.70004@cyblings.on.ca>
References: <CAD2Ti2-v-LZc1dnXiz7tbRRH8k=Zx080wY_UGs7LF_Zh0=DsOQ@mail.gmail.com>
 <5421A3AB.4090100@infosecurity.ch> <5421A66F.70004@cyblings.on.ca>
Date: Tue, 23 Sep 2014 16:11:10 -0400
Message-ID: <CAD2Ti28PpjKvSf3bDrk=7yXVgcYBYVAT=1AqTQsnDL0JsRjk1Q@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name

On Tue, Sep 23, 2014 at 12:57 PM, krishna e bera <keb@cyblings.on.ca> wrote:
> On 14-09-23 12:45 PM, Fabio Pietrosanti (naif) wrote:
>> Here is an OSINT notes/analysis on several of that "suspicious" software:
>> https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHc&usp=sharing
>>
>> I've been particularly considering also other "suspicious" software that
>> has been "strangely" solicited/promoted across many activists community
>> but comes from unknown/anonymous persons.
>>
>> Please note that such TorProject copycat site seems to be particularly
>> targeting UAE users from Sourceforge's stats:
>> - TorBrowser (16.170 downloads with 2nd top-country UAE)
>> - Browser4Tor  (357 downloads, with 46% from UAE)
>>
>> That analysis is a bit old, September 2013, but may contain useful info
>> for people digging into that problem.
>
> Also TorProject.org and mirrors may be blocked by countries or by
> netnannies/firewalls, but SourceForge and Cnet download sites typically
> aren't, even though they often contain malware of late.  Thus the uptake
> on malicious fakes can be high for some of Tor's likely users.

Randolph tried to spam cpunks with firefloo.sf.net which spawned
various posts/threads including some new OSINT and mail exchange
with them...

https://cpunks.org/pipermail/cypherpunks/2014-September/date.html
https://cpunks.org/pipermail/cypherpunks/2014-September/005505.html

I've seen some postings/accounts from, or related to, these guys
on Cnet, LinkedIn, Facebook, Twitter, Wikipedia, etc but haven't
yet collated the links as it was easier and just as well to call
them out in email and get it indexed that way.

People should feel free to add my intel to the sheet, or to their
own work, and to carry any efforts forward. Thanks.