I'm not saying that this was the issue but a possibility is that one of the new "hacking" tools called sslstrip could have been used to move your connection from encrypted to plain text. One of the features of this tool is that it replaces your favicon with whatever the attacker wishes. <br>
<br>See the Avoiding HTTPS Pitfalls or Moxie Marlinspike related threads for more discussion<br><br>ROC Tor Admin<br><br><div class="gmail_quote">On Mon, Mar 9, 2009 at 3:15 AM, <span dir="ltr"><<a href="mailto:force44@safe-mail.net">force44@safe-mail.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I was connected to a secure website using TOR and saw that the Firefox certificate icon was broken, a message saying that some elements are not going to ssl.<br>
<br>
That looked strange, as the site is a bank and I was checking my account. I looked at the Vidalia panel and hadn't the time to see the exit node, I could just see "Sofia BG" as the circuit closed at this time :(<br>
<br>
I immediately logged out, and logged in again without Tor, changed all my access code.<br>
<br>
In direct connection, no problem with the SSL icon.<br>
<br>
Logged out and connected again through Tor 3 times, changing exit node at every time, no more SSL icon problem.<br>
<br>
What can have happened exactly? I think that if the exit node changed the initial bank certificate for HIS certificate, I should receive a warning by the browser, no? Anyway that couldn't probably explain the fact that the SSL icon was broken.<br>
</blockquote></div><br>