[tor-talk] Funny, but not amusing browsing
Michael O Holstein
michael.holstein at csuohio.edu
Thu Jul 3 20:02:09 UTC 2014
>I got worried yesterday when instead of the Wikipedia logo on the
>top-left corner there was the picture of a nazi (army) guy with a
Is this reproducible?
To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it.
I have seen HTTPS MiTM attempts in the past but those exits get blacklisted pretty fast for trying to do it .. maybe you're one of the lucky canaries.
A rouge cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore.
Cleveland State University
More information about the tor-talk