----- Original Message -----
From: Roger Dingledine
Sent: 09/01/11 03:47 PM
Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it You should pay special attention if you're in an environment where your ISP (or your government!) might try a man-in-the-middle attack on your interactions with https://www.torproject.org/. We stepped up our schedule for switching the Tor Browser Bundle to Firefox 6 (which we can build from source on all platforms, and thus remove the offending CA ourselves). New bundles are out now: https://blog.torproject.org/blog/new-tor-browser-bundles-4 Perhaps now is a great time for you to learn how to verify the signatures on Tor packages you download: https://www.torproject.org/docs/verifying-signatures --Roger Hello Roger. Is it possible to check the signatures for the Browser bundle, which I use on a USB with Windows but check the signatures from my Mac? I only use internet cafe computers as they are so readily available where I live, are much faster than what I have been able to purchase for an ISP provider from my home and many times just isn't working. Don't know if that is possible to do from Mac on .exe files or whatever. Not real savvy here. Sorry.
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk