Dan Kaminsky

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Lua error in package.lua at line 80: module 'strict' not found. Dan Kaminsky was an American security researcher. He was a Co-Founder and Chief Scientist of White Ops, a firm specializing in detecting malware activity via JavaScript. He has worked for Cisco, Avaya, and IOActive, where he was the Director of Penetration Testing.^[2][3] He is known among computer security experts for his work on DNS cache poisoning, and for showing that the Sony Rootkit had infected at least 568,200 computers^[4] and for his talks at the Black Hat Briefings.^[3]

In June 2010, Kaminsky released Interpolique,^[5][6] a beta framework for addressing injection attacks such as SQL injection and cross-site scripting in a manner comfortable to developers.

On June 16, 2010, he was named by ICANN as one of the Trusted Community Representatives for the DNSSEC root.^[7]

Flaw in DNS

In July 2008, the CERT Coordination Center announced that Kaminsky had discovered a fundamental flaw in the Domain Name System (DNS) protocol. The flaw could allow attackers to easily perform cache poisoning attacks on most nameservers^[8] (djbdns, PowerDNS, MaraDNS, Secure64 and Unbound were not vulnerable).^[9] With most Internet-based applications depending on DNS to locate their peers, a wide range of attacks became feasible, including web site impersonation, email interception, and authentication bypass via the "Forgot My Password" feature on many popular websites.

Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008.^[10] The vulnerability itself has not been fully fixed, as it is a design flaw in DNS itself.^[11]

Kaminsky had intended not to publicize details of the attack until 30 days after the release of the patch, but details were leaked on July 21, 2008.^[12] The information was quickly pulled down, but not before it had been mirrored by others.^[13]

Kaminsky received a substantial amount of mainstream press after disclosing his vulnerability,^[14][15] but experienced some backlash from the computer security community for not immediately disclosing his attack.^[16]

The actual vulnerability was related to DNS only having 65,536 possible transaction IDs, a number small enough to simply guess given enough opportunities. Dan Bernstein, author of djbdns, had reported this as early as 1999.^[17] djbdns dealt with the issue using Source Port Randomization, in which the UDP port was used as a second transaction identifier, thus raising the possible ID count into the billions. Other more popular name server implementations left the issue unresolved due to concerns about performance and stability, as many operating system kernels simply weren't designed to cycle through thousands of network sockets a second. Instead, other implementers assumed that DNS's time to live (TTL) field would limit a guesser to only a few attempts a day.^[18]

Kaminsky's attack bypassed this TTL defense by targeting "sibling" names like "83.example.com" instead of "www.example.com" directly. Because the name was unique, it had no entry in the cache, and thus no TTL. But because the name was a sibling, the transaction-ID guessing spoofed response could not only include information for itself, but for the target as well. By using many "sibling" names in a row, he could induce a DNS server to make many requests at once. This provided enough opportunities to guess the transaction ID to successfully spoof a reply in a reasonable amount of time.

To fix this, all major DNS servers implemented Source Port Randomization, as both djbdns and PowerDNS had before. This fix is widely seen as a stopgap measure, as it only makes the attack up to 65,536 times harder.^{[citation needed]} An attacker willing to send billions of packets can still corrupt names. DNSSEC has been proposed as the way to bring cryptographic assurance to results provided by DNS, and Kaminsky has spoken in favor of it.^[19]

Sony rootkit

During the Sony BMG CD copy protection scandal, Kaminsky used DNS cache snooping to find out whether or not servers had recently contacted any of the domains accessed by the Sony rootkit. He used this technique to estimate that there were at least 568,200 networks that had computers with the rootkit.^[4]

Earthlink and DNS lookup

In April 2008, Kaminsky realized a growing practice among ISPs potentially represented a security vulnerability. Various ISPs have experimented with intercepting return messages of non-existent domain names and replacing them with advertising content. This could allow hackers to set up phishing schemes by attacking the server responsible for the advertisements and linking to non-existent subdomains of the targeted websites. Kaminsky demonstrated this process by setting up Rickrolls on Facebook and PayPal.^[2][20] While the vulnerability used initially depended in part that Earthlink was using Barefruit to provide its advertising, Kaminsky was able to generalize the vulnerability to attack Verizon by attacking its ad provider, Paxfire.^[21]

Kaminsky went public after working with the ad networks in question to eliminate the immediate cross-site scripting vulnerability.^[22]

Automated detection of Conficker

On March 27, 2009, Kaminsky discovered that Conficker-infected hosts have a detectable signature when scanned remotely.^[23] Signature updates for a number of network scanning applications are now available including NMap^[24] and Nessus.^[25]

Flaws in Internet X.509 Infrastructure

In 2009, in cooperation with Meredith L. Patterson and Len Sassaman, Kaminsky discovered numerous flaws in the SSL protocol. These include the use of the weak MD2 hash function by Verisign in one of their root certificates and errors in the certificate parsers in a number of Web browsers that allow attackers to successfully request certificates for sites they don't control.^[26][27]

Attack by "Zero for 0wned"

On July 28, 2009, Kaminsky, along with several other high-profile security consultants, experienced the publication of their personal email and server data by hackers associated with the "Zero for 0wned" online magazine.^[28][29][30] The attack appeared to be designed to coincide with Kaminsky's appearance at the Black Hat Briefings and DEF CON conferences.

Vaccination

(Main article: List of deaths and injuries following COVID-19 vaccination)

On April 12, 2021, Dan Kaminsky received his 2nd dose of Pfizer at Moscone Center in San Francisco^[31]. He had previously received his first vaccination on March 22, 2021, and tweeted his vaccination record "VaxCON 2021 at Moscone South!"^[32]. 10 days after his 2nd dose, on April 23, 2021, he died^[1][33]. His niece, Sarah, posted "Dan struggled for years with diabetes and was even recently hospitalized because of it. This tragedy has nothing to do with the COVID-19 vaccination and unfortunately everything to do with diabetic ketoacidosis"^[34].

Death

Kaminsky's death emerged on social media on April 24th, 2021, and was confirmed shortly after in the industry press.^[1] Circumstances surrounding his death are presently not publicly known.

References

<templatestyles src="Reflist/styles.css" />

External links

Wikimedia Commons has media related to Lua error in package.lua at line 80: module 'strict' not found..

• No URL found. Please specify a URL here or add one to Wikidata.
• Wired article on the Dan Kaminsky DNS story
• Dan Kaminsky, Cricket Liu and Scott Rose on DNSSEC
• Website of security company White Ops, of which Dan Kaminsky is a founder

Lua error in package.lua at line 80: module 'strict' not found.

1. ↑ ^{1.0 1.1 1.2} Lua error in package.lua at line 80: module 'strict' not found. Cite error: Invalid <ref> tag; name "sw20210424" defined multiple times with different content
2. ↑ ^{2.0 2.1} Lua error in package.lua at line 80: module 'strict' not found.
3. ↑ ^{3.0 3.1} Lua error in package.lua at line 80: module 'strict' not found.
4. ↑ ^{4.0 4.1} Lua error in package.lua at line 80: module 'strict' not found.
5. ↑ Lua error in package.lua at line 80: module 'strict' not found.
6. ↑ Lua error in package.lua at line 80: module 'strict' not found.
7. ↑ Lua error in package.lua at line 80: module 'strict' not found.
8. ↑ Lua error in package.lua at line 80: module 'strict' not found.
9. ↑ Lua error in package.lua at line 80: module 'strict' not found.
10. ↑ Lua error in package.lua at line 80: module 'strict' not found.
11. ↑ Lua error in package.lua at line 80: module 'strict' not found.
12. ↑ Lua error in package.lua at line 80: module 'strict' not found.
13. ↑ Lua error in package.lua at line 80: module 'strict' not found.
14. ↑ Lua error in package.lua at line 80: module 'strict' not found.
15. ↑ Lua error in package.lua at line 80: module 'strict' not found.
16. ↑ Pwnie Award Nominees Archived 2008-07-30 at the Wayback Machine
17. ↑ Lua error in package.lua at line 80: module 'strict' not found.
18. ↑ Lua error in package.lua at line 80: module 'strict' not found.
19. ↑ https://www.blackhat.com/presentations/bh-dc-09/Kaminsky/BlackHat-DC-09-Kaminsky-DNS-Critical-Infrastructure.pdf
20. ↑ Lua error in package.lua at line 80: module 'strict' not found.
21. ↑ Lua error in package.lua at line 80: module 'strict' not found.
22. ↑ Lua error in package.lua at line 80: module 'strict' not found.
23. ↑ Lua error in package.lua at line 80: module 'strict' not found.
24. ↑ Lua error in package.lua at line 80: module 'strict' not found.
25. ↑ Lua error in package.lua at line 80: module 'strict' not found.
26. ↑ Lua error in package.lua at line 80: module 'strict' not found.
27. ↑ https://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/
28. ↑ Ries, Ulie "Crackers publish hackers' private data", heise online, 2009-7-31. Retrieved on 2009-7-31.
29. ↑ Goodin, Dan "Security elite pwned on Black Hat eve", The Register, 2009-7-29. Retrieved on 2009-7-31.
30. ↑ Zetter, Kim "Real Black Hats Hack Security Experts on Eve of Conference", Wired.com, 2009-7-29. Retrieved on 2009-7-31.
31. ↑ Lua error in package.lua at line 80: module 'strict' not found.
32. ↑ Lua error in package.lua at line 80: module 'strict' not found.
33. ↑ Lua error in package.lua at line 80: module 'strict' not found.
34. ↑ Lua error in package.lua at line 80: module 'strict' not found.