[tor-talk] Warning: 37 new booby trapped onion sites

Juha Nurmi juha.nurmi at ahmia.fi
Fri Feb 5 15:25:43 UTC 2016


Hi,

> Is there any way to somehow automate the process? (The developer in
> me coming out)
> 

Absolutely.

> I ask because this seems like something that you will be doing
> perpetually. Something like an algorithm that can compare
> percentage match of heuristics of a database of previous sites
> marked as fake against all new ones and then giving a trust score?
> 
> 

The first way I did this was pretty simple: I compared my real ahmia
(msydqstlz2kzerdg.onion) to the fake one. I scanned them and detected
the difference. The fake ahmia changes URLs to point to fake services.

Now I have several clever methods to detect fake websites.

> I'd be happy to help write something in Python to do this & put on
> github, assuming I can get a decent set of sample data to test
> against.
> 

Thanks! Feel free to do that. I can help :) Share your code and ideas.

> Or would putting it out there publicly allow those creating the
> fake sites to up their game and change their tactics. Seems like
> this will always be a cat & mouse game.
> 

Yes, that's why I am not describing all of my methods publicly. Please
note that the attacker is probably reading this mailing list.

-Juha
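A sketch of the simple comparison described in the message above, added here as an example (it is not Juha's or ahmia's code): it extracts the .onion links from a reference page and from a copy, then reports the links whose target host differs. The sample pages and onion names are constructed placeholders, and pairing links by their anchor text is an assumption of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects (anchor text, href) pairs in document order."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def onion_links(html):
    """Map anchor text -> onion hostname for every .onion link on the page."""
    parser = LinkCollector()
    parser.feed(html)
    found = {}
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host.endswith(".onion"):
            found[text] = host
    return found

def rewritten_links(reference_html, candidate_html):
    """Return {label: (reference_host, candidate_host)} where the hosts differ."""
    ref, cand = onion_links(reference_html), onion_links(candidate_html)
    return {label: (ref[label], cand[label])
            for label in ref.keys() & cand.keys() if ref[label] != cand[label]}

# Constructed sample data: placeholder onion names, not real services.
REF_HOST, ALTERED_HOST = "reference0000000.onion", "lookalike0000000.onion"
SAME_HOST = "unchanged0000000.onion"
PAGE = ('<ul><li><a href="http://{0}/">Example Wiki</a></li>'
        '<li><a href="http://{1}/search">Example Search</a></li></ul>')
REFERENCE = PAGE.format(REF_HOST, SAME_HOST)
CANDIDATE = PAGE.format(ALTERED_HOST, SAME_HOST)

if __name__ == "__main__":
    for label, (good, bad) in rewritten_links(REFERENCE, CANDIDATE).items():
        print(f"{label}: {good} -> {bad}")
```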

