1. 3
  1.  

  2. 1

    The solution that Reductor’s developers found to mark TLS traffic is the most ingenious part. They don’t touch the network packets at all; instead developers analyzed the Firefox source code and Chrome binary code to patch the corresponding pseudo random number generation (PRNG) functions in the process’s memory. Browsers use PRNG to generate the ‘client random’ sequence for the network packet at the very beginning of the TLS handshake.

    Ah, this is novel. This is a new category of attack. (Right? Anybody here know of precedent?)
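A defender-side sketch of what the quoted passage implies for network monitoring, added here as an example and not part of the original comment or the quoted article: pull the client random out of each ClientHello and flag hosts whose values repeat bytes at fixed offsets. The quote does not say how the mark is encoded, so the fixed-offset layout, the thresholds, the host addresses and all function names are assumptions, and the sample traffic is constructed.

```python
import random
import struct
from collections import defaultdict

def client_random(record: bytes) -> bytes:
    """Extract the 32-byte client random from a TLS record carrying a ClientHello."""
    if len(record) < 43:
        raise ValueError("too short to hold a client random")
    content_type, _version, _length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record starting with ClientHello")
    # 5-byte record header + 4-byte handshake header + 2-byte client_version
    return record[11:43]

def constant_offsets(randoms, skip=4):
    """Offsets whose byte never changes across the samples."""
    # The first `skip` bytes are ignored: RFC 5246 defines them as
    # gmt_unix_time, and older TLS stacks fill them with a clock value.
    return [i for i in range(skip, 32) if len({r[i] for r in randoms}) == 1]

def flag_hosts(observations, min_samples=8, min_fixed=4):
    """Map each suspicious host to the offsets that stayed constant."""
    by_host = defaultdict(list)
    for host, record in observations:
        try:
            by_host[host].append(client_random(record))
        except ValueError:
            continue  # not a ClientHello; nothing to compare
    flagged = {}
    for host, randoms in by_host.items():
        fixed = constant_offsets(randoms) if len(randoms) >= min_samples else []
        if len(fixed) >= min_fixed:
            flagged[host] = fixed
    return flagged

def build_client_hello(rnd: bytes) -> bytes:
    """Constructed minimal ClientHello record, used only as sample input."""
    body = b"\x03\x03" + rnd + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sample_observations(seed=1):
    """Constructed traffic: one clean host, one whose bytes 8..15 never change."""
    rng = random.Random(seed)
    fresh = lambda n: bytes(rng.randrange(256) for _ in range(n))
    marked = lambda: fresh(8) + b"CONSTRCT" + fresh(16)  # hypothetical fixed marker
    clean = [("10.0.0.5", build_client_hello(fresh(32))) for _ in range(8)]
    return clean + [("10.0.0.7", build_client_hello(marked())) for _ in range(8)]
```

A mark that is masked or re-keyed per handshake would leave no constant offsets, so a clean result from this check does not rule out tampering with the browser's PRNG.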