[tor-bugs] #2516 [Company]: Examine TurnRight's packages for malware
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Feb 8 21:04:24 UTC 2011
#2516: Examine TurnRight's packages for malware
----------------------+-----------------------------------------------------
Reporter: rransom | Owner: ioerror
Type: task | Status: new
Priority: major | Milestone:
Component: Company | Version:
Keywords: | Parent:
Points: | Actualpointsdone:
Pointsdone: | Actualpoints:
----------------------+-----------------------------------------------------
A Chinese blogger who calls himself/herself/itself '!TurnRight' has
produced two packages containing Tor, which he/she/it has named '!EasyTor'
and '!TorPack'. They are definitely not safe to use (the latest releases
of both contain versions of Tor before 0.2.1.29 that are now believed to
be remotely exploitable), they definitely infringe The Tor Project's
trademark, and at least !TorPack infringes The Tor Project's copyright as
well (I did not find the Tor license in it with a fairly thorough search).
We should have these packages examined for malware, as the Chinese
government and its accomplices have previously
[http://www.zdnet.com/blog/government/chinese-monitoring-tom-skype-
messages/4063 distributed repackaged versions of popular software that
include malware] and [http://www.cl.cam.ac.uk/techreports/UCAM-CL-
TR-746.html used targeted malware to attack groups which China opposes].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2516>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list