Website Certified by an Unknown Authority?

pyllyukko pyllyukko at
Sun Apr 9 17:54:38 UTC 2006

I'm running Linux and the problem only occurs when I'm using Tor, so I 
don't think that's the case here. I also observe/analyze my network 
traffic, so I don't think that my host(s) are part of a botnet.

Any other clues?

On Sun, 9 Apr 2006, 2600denver wrote:

> Try scanning with Spybot Search and Destroy, Ad-Aware, and an Antivirus
> program. Sounds like you might be part of a botnet.
> On 4/9/06, pyllyukko <pyllyukko at> wrote:
>> Yes, I know what a self-signed certificate is.. But the point is, that i'm
>> not trying (or wanting) to access hackshaven at all. It doesn't matter if
>> I'm on google, or anywhere else, the message still comes popping up from
>> time to time. Actually, it doesn't even matter if I'm using a https
>> connection or not.
>> On Sat, 8 Apr 2006, 2600denver wrote:
>>> That just means that hackshaven doesn't have their SSL cert certified by
>> a
>>> trusted (according to firefox) authority such as verisign inc. The
>> traffic
>>> to and from hackshaven is still encrypted so your exit node will be
>> blind
>>> assuming they don't make their private encryption key public. Could it
>> be
>>> there is an embedded image in a page that links to
>>> https://hackshaven/img.jpg?
>>> On 4/8/06, Pyllyukko <pyllyukko at> wrote:
>>>> Hello everybody.
>>>> I Have a weird problem with Tor. Every once in a while when I'm happily
>>>> browsing the net with Firefox using Tor, I get this
>>>> error
>>>> from Firefox, saying "Website Certified by an Unknown Authority...
>> Unable
>>>> to
>>>> verify the identity of as a trusted site". The
>> message
>>>> always warns me from the same site,, the strangest
>> part
>>>> is
>>>> that I'm not trying to access the site at all.
>>>> It doesn't matter what site I'm trying to access, or is Firefox only
>>>> updating
>>>> my RSS feeds. I tried to sniff my traffic with Ethereal, but it didn't
>>>> seem
>>>> that my host was accessing the hackshaven ip at all.
>>>> I noticed that there is a Tor node named "hackshaven", and it shares
>> the
>>>> same
>>>> ip with the site, so I'm guessing it's the same host=) I also tried to
>> add
>>>> the node to the excludenodes list, but it didn't seem to do any good.
>>>> So my question is, what the hell is happening here? Sounds really fishy
>> to
>>>> me.
>>>> Could it be something involving the way the SOCKS proxy works? But
>> doesn't
>>>> it
>>>> interact with the Tor nodes in a "different level"? Is hackshaven
>> trying
>>>> to be
>>>> a man-in-the-middle, or is this something else?
>>>> Please explain this to me, I'm confused.
>>>> Sincerely,
>>>> pyllis.

More information about the tor-talk mailing list