[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Achter Lieber
zzretro999 at email2me.net
Fri Sep 2 12:55:54 UTC 2011
----- Original Message -----
From: Roger Dingledine
Sent: 09/01/11 03:47 PM
To: tor-talk at lists.torproject.org
Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it You should pay special attention if you're in an environment where your ISP (or your government!) might try a man-in-the-middle attack on your interactions with https://www.torproject.org/. We stepped up our schedule for switching the Tor Browser Bundle to Firefox 6 (which we can build from source on all platforms, and thus remove the offending CA ourselves). New bundles are out now: https://blog.torproject.org/blog/new-tor-browser-bundles-4 Perhaps now is a great time for you to learn how to verify the signatures on Tor packages you download: https://www.torproject.org/docs/verifying-signatures --Roger Hello Roger. Is it possible to check the signatures for the Browser bundle, which I use on a USB with Windows but check the signatures from my Mac? I only use internet cafe computers as they are so readily available where I live, are much faster t
han what I have been able to purchase for an ISP provider from my home and many times just isn't working. Don't know if that is possible to do from Mac on .exe files or whatever. Not real savvy here. Sorry.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110902/68be846a/attachment.htm>
More information about the tor-talk
mailing list