[tor-talk] Funny, but not amusing browsing

Michael O Holstein michael.holstein at csuohio.edu
Thu Jul 3 20:02:09 UTC 2014

>I got worried yesterday when instead of the Wikipedia logo on the
>top-left corner there was the picture of a nazi (army) guy with a

Is this reproducible? 

To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it.

I have seen HTTPS MiTM attempts in the past but those exits get blacklisted pretty fast for trying to do it .. maybe you're one of the lucky canaries.

A rouge cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore.


Michael Holstein
Cleveland State University

More information about the tor-talk mailing list