[tor-talk] Verifying signatures

Christian Siefkes christian at siefkes.net
Wed Mar 21 14:35:01 UTC 2012

On 03/21/2012 12:46 PM, Jude Young wrote:
> Sorry if this has been responded to, I've lost a few emails...
> I don't believe the TBB has been high-jacked, but the TorButton Firefox
> extension certainly has.
> (Forgive my faulty memory 
> linky:http://www.securitynewsdaily.com/1201-anonymous-hackers-child-porn.html)
> "Anonymous" apparently convinced firefox (or someone at FireFox? No one was
> ever clear on this..) to upload a modified version.

Uh, TorButton is free software, didn't you know that? Everybody can create
and distribute a modified version, and that's what happened. It certainly
proves that you shouldn't download software from untrusted sources (neither
the Tor Project nor Mozilla was involved) and that you should verify the
signatures of the software to use. None of that is news, of course.

Best regards

|------- Dr. Christian Siefkes ------- christian at siefkes.net -------
| Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/
|    Peer Production Everywhere:       http://peerconomy.org/wiki/
|---------------------------------- OpenPGP Key ID: 0x346452D8 --
Progress isn't made by early risers. It's made by lazy men trying to find
easier ways to do something.
        -- Robert Heinlein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120321/a84ba942/attachment.pgp>

More information about the tor-talk mailing list