Quote from: comsec on December 01, 2012, 09:13 amMITM attacks with tor happen when you connect through exit points, and that node decides to feed you spoofed ssl certs or is running sslstrip. This is why when you download software off torproject.org you check the signature to make sure it matches with the real torproject dev signing keyHoly fucking Christ, I can't believe I've been stupid enough not to be doing that... wtf man. I could practically RUN that attack myself, and in almost 6 months not once did it ever occur to me. I feel fucking retarded...Thanks bro. Good to keep in mind.