Re: SourceForge nmap project analysis

[Fyodor <fyodor () nmap org>]

On Sun, Jun 28, 2015 at 1:35 AM, Fabio Pietrosanti (naif) - lists <
lists () infosecurity ch> wrote:
> Given that SF is for the opensource community, and it's not softpedia or
> download.com or other pseudo-malware-oriented commercial sites,


Sadly, Sourceforge has gone that same route :(.  We need to judge them on
their actions, and those don't speak well of the current management.  You'd
think that, after all this negative attention, they'd be on their best
behavior, right?  And that they'd be following their promise[1] to
eliminate fake download buttons? Well I've attached a screenshot of the
current Octave-Forge Sourceforge page, which is the latest SF "Project of
the Month".  Note the 3 green download buttons?  The two largest and most
prominent of the three give you the FileOpenerPro malware instead of
Octave-Forge.  Even if you click on the "right" download button, it takes
you to a separate download page which usually has more fake D/L buttons
(the exact ads vary).

It's your computer, so you're welcome to keep using Sourceforge and playing
download roulette whenever you want to install something new.  But I, for
one, am glad Sourceforge finally removed their fake Nmap "mirror" so our
users don't have to deal with this BS and so SF isn't further tarnishing
our name.

-Fyodor
[1] https://sourceforge.net/blog/?s=blockthis

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/