Have we seen malware ripping keys out of memory? It seems a stretch to think tha... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		skolor on Feb 13, 2015 \| parent \| context \| favorite \| on: Decrypting TLS Browser Traffic with Wireshark Have we seen malware ripping keys out of memory? It seems a stretch to think that making this slightly easier to do will result in it being more widespread. What reason does malware have to do this that isn't better served by DNS Hijacking + installing a root cert?

bigiain on Feb 13, 2015 | [–]

This gets an attacker session keys for TLS sessions with forward privacy - which'd be kinda handy if you were a (the?) "global passive adversary" who's already syphoning off _all_ the traffic in and out of the major cables and datacenters.

lstamour on Feb 13, 2015 | [–]

This might get around pesky certificate pinning ;-)

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact