Hacker News new | past | comments | ask | show | jobs | submit login

I'm looking forward with interest to see how long it takes for a piece of malware to start reconfiguring exploited machine's browsers and exfiltrating session keys.

(Or, to the news that the NSA/GHCQ/ASIO/et al. have been actively doing this for years already...)




Have we seen malware ripping keys out of memory? It seems a stretch to think that making this slightly easier to do will result in it being more widespread. What reason does malware have to do this that isn't better served by DNS Hijacking + installing a root cert?


This gets an attacker session keys for TLS sessions with forward privacy - which'd be kinda handy if you were a (the?) "global passive adversary" who's already syphoning off _all_ the traffic in and out of the major cables and datacenters.


This might get around pesky certificate pinning ;-)


I have seen malware that repeatedly adds a compromised root certificate to a machine's trusted authorities.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: