[tor-talk] Funny, but not amusing browsing

Michael O Holstein michael.holstein at csuohio.edu
Thu Jul 3 20:02:09 UTC 2014


>I got worried yesterday when instead of the Wikipedia logo on the
>top-left corner there was the picture of a nazi (army) guy with a

Is this reproducible? 

To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it.

I have seen HTTPS MiTM attempts in the past but those exits get blacklisted pretty fast for trying to do it .. maybe you're one of the lucky canaries.

A rouge cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore.

Regards,

Michael Holstein
Cleveland State University


More information about the tor-talk mailing list