Have we seen malware ripping keys out of memory? It seems a stretch to think tha... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

skolor on Feb 13, 2015 | parent | context | favorite | on: Decrypting TLS Browser Traffic with Wireshark

Have we seen malware ripping keys out of memory? It seems a stretch to think that making this slightly easier to do will result in it being more widespread. What reason does malware have to do this that isn't better served by DNS Hijacking + installing a root cert?

bigiain on Feb 13, 2015 | [–]

This gets an attacker session keys for TLS sessions with forward privacy - which'd be kinda handy if you were a (the?) "global passive adversary" who's already syphoning off _all_ the traffic in and out of the major cables and datacenters.

lstamour on Feb 13, 2015 | [–]

This might get around pesky certificate pinning ;-)

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact