[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Collin Anderson
collin at averysmallbird.com
Fri Sep 2 17:31:53 UTC 2011
According to a number of bloggers(1), torproject.org was include among those
domains targeted in the certificate breach. In at least the case of Google,
these certificates have been offered to Iranian Internet users by a number
of ISPs, in a number of city.
Risk is a product of situation, and if you are in Iran, Syria, Belarus, et
al, I would exercise at least that level of caution.
(1)
http://www.nu.nl/internet/2603449/mogelijk-nepsoftware-verspreid-naast-aftappen-gmail.html
On Fri, Sep 2, 2011 at 1:11 PM, Seth David Schoen <schoen at eff.org> wrote:
> Joe Btfsplk writes:
>
> > Is it really a risk, d/l Tor or TBB directly from Tor Project's
> > site, that verifying signatures is necessary? What is the reasoning
> > here - if getting files from Tor Project server?
>
> How do you know it was really the Tor Project server?
>
> --
> Seth Schoen <schoen at eff.org>
> Senior Staff Technologist https://www.eff.org/
> Electronic Frontier Foundation https://www.eff.org/join
> 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110902/088e5f1e/attachment-0001.htm>
More information about the tor-talk
mailing list