[tor-talk] Using passwords with TOR
tor at lists.grepular.com
tor at lists.grepular.com
Sun May 22 20:48:24 UTC 2011
On 22/05/2011 20:03, Lee wrote:
>> I use a Firefox addon called Certificate Patrol. It keeps a record of
>> certificates that https websites serve. It then alerts you if they
>> change. It displays information about the old certificate next to the
>> new certificate so you can tell if the issuer has changed, and if the
>> old cert was due to expire anyway.
>>
>> Should come in handy if you come across a Tor Exit node that is somehow
>> generating "valid" certificates for a domain and MITM'ing you.
>
> yes - that looks helpful. Which version of Firefox are you using? I
> tried it with FF 4.0.1 and no matter what the settings, javascript
> enabled/disabled, noscript addon enabled/disabled I couldn't get a
> popup for a newly accepted cert :(
Strange. I'm using 4.0.1 on OSX. I just turned on the functionality to
always popup info about new certificates and I don't think that is
working for me either. It definitely pops up stuff when the certificate
changes though. Maybe worth a bug report?
--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110522/dffb934d/attachment.pgp>
More information about the tor-talk
mailing list