Dan Kaminsky
| Dan Kaminsky | |
|---|---|
| Known for | DNS cache poisoning vulnerability |
| Website | dankaminsky |
Daniel Kaminsky (February 7, 1979 – April 23, 2021) was an American computer security researcher. He was a co-founder and chief scientist of Human Security (formerly White Ops), a computer security company. He previously worked for Cisco, Avaya, and IOActive, where he was the director of penetration testing.[2][3] The New York Times labeled Kaminsky an "Internet security savior" and "a digital Paul Revere".[1]
Kaminsky was known among computer security experts for his work on
Early life
Daniel Kaminsky was born in San Francisco on February 7, 1979, to Marshall Kaminsky and Trudy Maurer. His mother told The New York Times that after his father bought him a RadioShack computer at age four, Kaminsky had taught himself to code by age five. When he was 11, his mother received a call from a government security administrator who told her that Kaminsky had used penetration testing techniques to intrude into military computers, and that the family's Internet access would be cut off. His mother responded that if their access was cut, she would take out an advertisement in the San Francisco Chronicle to publicize the fact that an 11-year-old could break military computer security. Instead, a three-day Internet "timeout" for Kaminsky was negotiated. In 2008, after Kaminsky found and coordinated a fix for a fundamental DNS flaw, he was approached by the same administrator, who thanked him and asked to be introduced to his mother.[1]
Kaminsky attended St. Ignatius High School and Santa Clara University. After graduating from college, he worked for Cisco, Avaya, and IOActive, before founding his own firm White Ops (later renamed Human Security).[1]
Career
Sony rootkit
During the Sony BMG copy protection rootkit scandal, in which Sony BMG was found to be covertly installing anti-piracy software on customers' PCs, Kaminsky used DNS cache snooping to discover whether resolvers had recently looked up any of the domains contacted by the Sony rootkit. A query sent with recursion disabled is answered only if the resolver already holds the name in its cache, so a positive answer means that some machine behind that resolver had recently phoned home. He used this technique to estimate that at least 568,000 networks contained computers with the rootkit.[4] Kaminsky then used his research to draw attention to the issue while Sony executives were trying to play it down.[1]
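The cache-snooping probe described above, as an added example that is not Kaminsky's own code: it builds a wire-format DNS query with the RD (recursion desired) bit cleared and classifies the reply by whether the resolver produced answer records, which with RD=0 it can only do from cache. The domain name, the IP addresses and the replies are constructed for the example; the page names no specific rootkit domain.

```python
import struct

# Constructed sample name; the page names no specific rootkit domain.
SAMPLE_NAME = "tracker.example.net"


def build_query(qname, txid=0x1234, qtype=1, recursion_desired=False):
    """Wire-format DNS query for an A record. RD=0 (the default here) asks the
    resolver to answer only from its cache rather than resolve on our behalf."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # class IN


def _skip_name(buf, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def snoop_result(response, expected_txid=0x1234):
    """Classify the reply to an RD=0 query.

    Returns ("cached", smallest_remaining_ttl) if the resolver produced answer
    records, ("not cached", None) if the answer section is empty (a referral or
    an empty reply), or ("error", rcode) for a non-zero response code."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0xF
    if rcode != 0:
        return ("error", rcode)
    off = 12
    for _ in range(qd):                       # skip the question section
        off = _skip_name(response, off) + 4   # name, then QTYPE and QCLASS
    ttls = []
    for _ in range(an):                       # walk the answer RRs, collecting TTLs
        off = _skip_name(response, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    if not ttls:
        return ("not cached", None)
    return ("cached", min(ttls))


def constructed_reply(query, answer_ttls, ip="192.0.2.10"):
    """Constructed test input: echo the question, then one A record per TTL, with
    the owner name written as a compression pointer to the question (offset 12)."""
    txid, = struct.unpack("!H", query[:2])
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8080, 1, len(answer_ttls), 0, 0)  # QR=1, RA=1
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
        for ttl in answer_ttls)
    return header + question + rrs


if __name__ == "__main__":
    q = build_query(SAMPLE_NAME)
    print(snoop_result(constructed_reply(q, [3600, 86400])))   # ('cached', 3600)
    print(snoop_result(constructed_reply(q, [])))              # ('not cached', None)
```

Against a live resolver, `build_query` would be sent over UDP to port 53 and the raw reply handed to `snoop_result`; the remaining TTL, compared with the authoritative TTL, also bounds how long ago the name was fetched. Many resolvers now refuse RD=0 queries from outside their own networks precisely because of this leak.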
Earthlink and DNS lookup
In April 2008, Kaminsky realized a growing practice among ISPs potentially represented a security vulnerability.
Kaminsky went public after working with the ad networks in question to eliminate the immediate cross-site scripting vulnerability.[9]
Flaw in DNS
In 2008, Kaminsky discovered a fundamental flaw in the
Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008.[18]
Kaminsky had intended not to publicize details of the attack until 30 days after the release of the patch, but details were leaked on July 21, 2008.[19] The information was quickly pulled down, but not before it had been mirrored by others.[20] He later presented his findings at the Black Hat Briefings, at which he wore both a suit and rollerskates.[1]
Kaminsky received a substantial amount of mainstream press after disclosing this vulnerability,[21] but experienced some backlash from the computer security community for not immediately disclosing his attack.[22] When a reporter asked him why he had not used the DNS flaw for his own financial benefit, Kaminsky responded that he felt it would be morally wrong, and he did not wish for his mother to visit him in prison.[1]
The actual vulnerability was related to DNS having only 65,536 possible transaction IDs (a 16-bit field), a number small enough to simply guess given enough opportunities. The defense most resolvers relied on instead was the time-to-live (TTL) of cached answers: a resolver holds an answer until its TTL expires and sends no new query for that name in the meantime, so an attacker racing the legitimate reply for an already-cached name such as "www.example.com" gets only one guessing window per TTL, which can be hours or days.
Kaminsky's attack bypassed this TTL defense by targeting "sibling" names like "83.example.com" instead of "www.example.com" directly. Because each such name was unique, it had no cache entry and no TTL, so the resolver had to send a query for it every time. But because the name was a sibling in the same zone, a forged response that won the transaction-ID guessing race could carry not only a record for the sibling itself but also, in its authority and additional sections, NS and glue records for example.com, which the resolver accepts because they fall within the zone it asked about (the "bailiwick" rule). By requesting many sibling names in quick succession, he could make a resolver issue many queries, each one a fresh guessing window. This provided enough opportunities to guess the transaction ID and successfully spoof a reply in a reasonable amount of time.[25]
To fix this issue, all major DNS servers implemented source port randomization, as djbdns and PowerDNS had done before: the UDP source port of each query becomes a second 16-bit value the attacker must guess. This makes the attack up to 65,536 times harder (somewhat less in practice, since the usable ephemeral port range is smaller than the full 16 bits). It raises the bar rather than closing the hole: an attacker willing to send billions of packets can still corrupt names.
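The three paragraphs above, as an added toy model that is not Kaminsky's or any resolver's code: a resolver that accepts the first reply matching (name, transaction ID, destination port) and caches in-bailiwick records, an attacker who triggers lookups of fresh sibling names and floods forged replies carrying an NS/glue record for the zone, and the same attacker with source port randomization switched on. The fixed pre-fix port, the full 16-bit port range after the fix, the zone name and the IP addresses are assumptions made for the example; real resolvers use a narrower ephemeral range and keep many queries in flight.

```python
import random

TXID_SPACE = 1 << 16           # 16-bit transaction ID
PORT_SPACE = 1 << 16           # assumption: full 16-bit range once the source port is randomised
FIXED_PORT = 53                # assumption: the pre-fix resolver sends every query from one port
ZONE = "example.com"
TARGET = "www." + ZONE
ATTACKER_IP = "203.0.113.66"   # constructed (RFC 5737 documentation range)


class Resolver:
    """Caching resolver with one query in flight at a time. It accepts the first
    reply whose (qname, txid, destination port) matches the pending query."""

    def __init__(self, randomize_port, rng):
        self.randomize_port = randomize_port
        self.rng = rng
        self.cache = {}          # (name, rtype) -> rdata
        self.pending = None      # (qname, txid, port) while a query is outstanding
        self.queries_sent = 0

    def send_query(self, qname):
        """Open a race window, unless the name is already cached (the TTL defense)."""
        if (qname, "A") in self.cache:
            return False
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randrange(PORT_SPACE) if self.randomize_port else FIXED_PORT
        self.pending = (qname, txid, port)
        self.queries_sent += 1
        return True

    def receive(self, reply):
        """Cache the reply's records if it matches the pending query; the bailiwick
        rule only admits records for names inside the zone that was asked about."""
        if self.pending is None or (reply["qname"], reply["txid"], reply["port"]) != self.pending:
            return False
        for name, rtype, rdata in reply["records"]:
            if name == ZONE or name.endswith("." + ZONE):
                self.cache[(name, rtype)] = rdata
        self.pending = None
        return True

    def legit_reply_arrives(self, qname):
        """The authoritative answer wins the race and is cached until its TTL expires."""
        _, txid, port = self.pending
        self.receive({"qname": qname, "txid": txid, "port": port,
                      "records": [(qname, "A", "192.0.2.10")]})


def forged_reply(qname, txid, port):
    """A spoofed answer for the sibling name whose authority/additional sections
    also assert the zone's nameserver and its glue address: the real payload."""
    return {"qname": qname, "txid": txid, "port": port,
            "records": [(qname, "A", "192.0.2.99"),
                        (ZONE, "NS", "ns." + ZONE),
                        ("ns." + ZONE, "A", ATTACKER_IP)]}


def run_attack(resolver, guesses_per_query, max_queries, rng, use_siblings=True):
    """Return the number of lookups triggered before a forged reply was accepted, or
    None if the budget ran out. With use_siblings=False the attacker asks for TARGET
    itself, and the cache closes the window after the first lost race."""
    for i in range(1, max_queries + 1):
        qname = f"{i}.{ZONE}" if use_siblings else TARGET
        if not resolver.send_query(qname):
            return None                      # cache hit: no outgoing query to race
        for _ in range(guesses_per_query):
            txid = rng.randrange(TXID_SPACE)
            port = rng.randrange(PORT_SPACE) if resolver.randomize_port else FIXED_PORT
            if resolver.receive(forged_reply(qname, txid, port)):
                return i
        resolver.legit_reply_arrives(qname)  # lost this round; the answer is now cached
    return None


def is_poisoned(resolver):
    """True once the resolver believes the zone's nameserver lives at the attacker's IP."""
    return resolver.cache.get(("ns." + ZONE, "A")) == ATTACKER_IP


def expected_lookups(guesses_per_query, randomize_port):
    """Analytic estimate: each lookup succeeds with probability guesses / search space."""
    space = TXID_SPACE * (PORT_SPACE if randomize_port else 1)
    return space / guesses_per_query


def demo(randomize_port, use_siblings=True, guesses_per_query=200, max_queries=5000, seed=2008):
    """Run one scenario with a seeded RNG; returns (lookups_needed, poisoned, queries_sent)."""
    rng = random.Random(seed)
    resolver = Resolver(randomize_port, rng)
    n = run_attack(resolver, guesses_per_query, max_queries, rng, use_siblings)
    return n, is_poisoned(resolver), resolver.queries_sent


if __name__ == "__main__":
    print("fixed port, sibling names:", demo(randomize_port=False))
    print("fixed port, direct target:", demo(randomize_port=False, use_siblings=False))
    print("random port, sibling names:", demo(randomize_port=True, max_queries=500))
    print("expected lookups:", expected_lookups(200, False), expected_lookups(200, True))
```

With 200 forged replies per lookup, the fixed-port resolver is poisoned after a few hundred sibling lookups (about 65,536 / 200 on average); attacking "www.example.com" directly gets exactly one lookup before the cached answer shuts the race down; and with the port randomized the same budget makes no progress, because each guess now has to hit one pair out of roughly 2^32.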
Automated detection of Conficker
On March 27, 2009, Kaminsky discovered that
Flaws in Internet X.509 infrastructure
In 2009, in cooperation with
Attack by "Zero for 0wned"
On July 28, 2009, Kaminsky, along with several other high-profile security consultants, experienced the publication of their personal email and server data by hackers associated with the "Zero for 0wned" online magazine.[33][34][35] The attack appeared to be designed to coincide with Kaminsky's appearance at the Black Hat Briefings.[36]
Interpolique
In June 2010, Kaminsky released Interpolique,[37][38] a beta framework for addressing injection attacks such as SQL injection and cross-site scripting in a manner comfortable to developers.[39]
Personal life and death
The New York Times wrote that "in a community known for its biting, sometimes
Kaminsky was also an outspoken
Kaminsky died on April 23, 2021, of diabetic ketoacidosis at his home in San Francisco.[40][41] He had been hospitalized frequently for the disease in prior years. After his death, he received tributes from the Electronic Frontier Foundation, which called him a "friend of freedom and embodiment of the true hacker spirit", and from Jeff Moss, who said Kaminsky should be in the Internet Hall of Fame.[1] On December 14, 2021, that wish came to fruition when Kaminsky was inducted into the Internet Hall of Fame.[42]
Works
- Russell, Ryan (2000). Hack Proofing Your Network: Internet Tradecraft (1st ed.). Rockland, MA. ISBN 1-928994-15-6.
References
- [1] Perlroth, Nicole (April 27, 2021). "Daniel Kaminsky, Internet Security Savior, Dies at 42". The New York Times. Archived from the original on April 29, 2021. Retrieved April 27, 2021.
- [2] Singel, Ryan (April 19, 2008). "ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses". Wired. Retrieved May 19, 2008.
- [3] Mimoso, Michael S. (April 14, 2008). "Kaminsky on DNS rebinding attacks, hacking techniques". Search Security. Retrieved May 19, 2008.
- [4] Norton, Quinn (November 15, 2005). "Sony Numbers Add Up to Trouble". Wired. Archived from the original on April 23, 2008. Retrieved May 19, 2008.
- [5] "IANA — DNSSEC Project Archive - Launch TCR Selection". www.iana.org.
- [6] ISSN 1059-1028. Retrieved May 1, 2021.
- [7] McFeters, Nathan (April 21, 2008). "ToorCon Seattle 2008: Nuke plants, non-existent sub domain attacks, muffin diving, and Guitar Hero". Zero Day, ZDNet.com. Archived from the original on August 1, 2008. Retrieved January 25, 2013.
- [8] Krebs, Brian (April 30, 2008). "More Trouble With Ads on ISPs' Error Pages". The Washington Post. Archived from the original on May 3, 2011. Retrieved May 19, 2008.
- [9] McMillan, Robert (April 19, 2008). "EarthLink Redirect Service Poses Security Risk, Expert Says". PC World. Retrieved May 19, 2008. [permanent dead link]
- [10] "CERT Vulnerability Note VU#800113: Multiple DNS implementations vulnerable to cache poisoning". United States Computer Emergency Readiness Team. July 8, 2008. Retrieved November 27, 2008.
- [11] Network World. Archived from the original on February 13, 2009. Retrieved June 14, 2021.
  "We worked with vendors on a coordinated patch," said Kaminsky, noting this is the first time such a coordinated multi-vendor synchronized patch release has ever been carried out. Microsoft, Sun, ISC's DNS Bind, and Cisco have readied DNS patches, said Kaminsky. "The patch was selected to be as non-disruptive as possible." ... Lack of an applied patch in the ISP infrastructure would mean "they could go after your ISP or Google and re-direct them pretty much wherever they wanted." Both current and older versions of DNS may be vulnerable, Kaminsky says, and patches may not be available for older DNS software. He says Yahoo was vulnerable because it uses an older version of BIND but had committed to upgrading to BIND 9.0.
- [12] Mogull, Rich (July 8, 2008). "Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released". Securosis. Archived from the original on July 11, 2008. Retrieved June 14, 2021.
- [13] "Archived copy". hw.libsyn.com. Archived from the original on January 29, 2011. Retrieved January 12, 2022.
- [14] "Securosis publications - Article" (PDF). Archived from the original (PDF) on August 27, 2008.
- [15] "Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released (Securosis.com)". LWN.net.
- [16] "An Astonishing Collaboration". DoxPara Research. July 9, 2008. Archived from the original on July 14, 2008. Retrieved June 14, 2021.
- [17] "Ow My Toe". DoxPara Research. July 11, 2008. Archived from the original on July 15, 2008. Retrieved June 14, 2021.
- [18] Vixie, Paul (July 14, 2008). "Not a Guessing Game". CircleID.com. Retrieved January 25, 2013.
- [19] "Kaminsky's DNS Issue Accidentally Leaked?". Invisible Denizen blog. July 21, 2008. Retrieved July 30, 2008.
- [20] "DNS bug leaks by matasano". beezari's LiveJournal. July 22, 2008. Archived from the original on September 17, 2008. Retrieved July 30, 2008.
- [21] Lathrop, Daniel; Shukovsky, Paul (August 3, 2008). "Seattle security expert helped uncover major design flaw on Internet". Seattle Post-Intelligencer.
- [22] "Pwnie Awards 2008". pwnies.com. Archived from the original on May 6, 2021. Retrieved April 28, 2021.
- [23] "DNS forgery". cr.yp.to. Retrieved January 25, 2013.
- [24] "Measures to prevent DNS spoofing". ds9a.nl. November 2, 2006. Retrieved January 25, 2013.
- [25] Rashid, Fahmida Y. (April 23, 2018). "Hacker History: How Dan Kaminsky Almost Broke the Internet". Duo.com. Retrieved April 28, 2021.
- [26] "DNS forgery". Daniel J. Bernstein.
- [27] Kaminsky, Dan. "DNS 2008 and the new (old) nature of critical infrastructure" (PDF). blackhat.com. Retrieved April 30, 2021.
- [28] Goodin, Dan (March 30, 2009). "Busted! Conficker's tell-tale heart uncovered". The Register. Retrieved March 31, 2009.
- [29] Bowes, Ronald (March 30, 2009). "Scanning for Conficker with Nmap". Skullsecurity.org. Archived from the original on April 2, 2009. Retrieved March 31, 2009.
- [30] Asadoorian, Paul (April 1, 2009). "Updated Conficker Detection Plugin Released". Tenable Security. Archived from the original on September 26, 2010. Retrieved April 2, 2009.
- [31] Rodney (August 2, 2009). "Dan Kaminsky Feels a disturbance in The Internet". SemiAccurate. Retrieved January 25, 2013.
- [32] Goodin, Dan (July 30, 2009). "Wildcard certificate spoofs web authentication". The Register.
- [33] heise online. Retrieved July 31, 2009.
- [34] Goodin, Dan (July 29, 2009). "Security elite pwned on Black Hat eve". The Register. Retrieved July 31, 2009.
- [35] Wired.com. Retrieved July 31, 2009.
- [36] Constantin, Lucian (July 30, 2009). "Security Gurus 0wned by Black Hats". Softpedia. Retrieved April 28, 2021.
- [37] "Interpolique Home Page". Archived from the original on June 18, 2010.
- [38] "Kaminsky Issues Developer Tool To Kill Injection Bugs". Dark Reading. June 14, 2010.
- [39] Walker, James (April 26, 2021). "Dan Kaminsky: Tributes pour in for security researcher who died after short illness". The Daily Swig. Retrieved April 28, 2021.
- [40] "Security Researcher Dan Kaminsky Passes Away". SecurityWeek. Wired Business Media. April 24, 2021.
  The cybersecurity world woke up Saturday to news of the sudden passing of Dan Kaminsky, a celebrated hacker who is widely credited with pioneering research work on DNS security.
- [41] "Security Researcher Dan Kaminsky Has Died". CircleID. April 24, 2021. Retrieved April 24, 2021.
- [42] "INTERNET HALL of FAME - Dan Kaminsky". Internet Hall of Fame. ISOC. December 14, 2021.
External links
- Dan Kaminsky on Twitter
- Kaminsky, Dan. "Welcome". DoxPara Research. Archived from the original on January 24, 2000.
- Davis, Joshua (November 24, 2008). "Secret Geek A-Team Hacks Back, Defends Worldwide Web". ISSN 1059-1028. Retrieved May 1, 2021.
- Dan Kaminsky; Scott Rose; Cricket Liu; (June 2009) DNSSEC: What it Means for DNS Security and Your Network[dead link]
- Human Security - security company, of which Dan Kaminsky was a founder