>I got worried yesterday when instead of the Wikipedia logo on the >top-left corner there was the picture of a nazi (army) guy with a
Is this reproducible? To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it. I have seen HTTPS MiTM attempts in the past but those exits get blacklisted pretty fast for trying to do it .. maybe you're one of the lucky canaries. A rouge cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore. Regards, Michael Holstein Cleveland State University -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
