Published on: October 8, 2008
Name /// Dan Kaminsky
Age /// 29
Location /// Seattle
Association /// Director of penetration testing for IOActive
Reputation /// Kaminsky recently discovered a pervasive security hole in the Web that could let criminals silently hijack the online traffic of entire Internet service providers and major corporations.
Inside the Controversy /// Kaminsky's discovery highlighted for cyber attackers and defenders alike the inherent insecurity of a key component of the global communications network, which was never designed with security in mind.
Kaminsky found a major flaw in the domain name system (DNS), the communications standard that translates domain names like example.com into numeric Internet addresses that are easier for computers to handle. On July 8, dozens of software and hardware makers issued coordinated fixes for the vulnerability. Instructions for exploiting the flaw have since been posted online. Meanwhile, only about half of the companies that manage the Internet infrastructure have applied the updates.
"It's a scary time right now," Kaminsky says. "This thing is trivial to exploit, and it's been sitting there unfixed since the beginning of the Internet. The choice was either to fix it or leave this knowledge in the hands of a few malicious actors."
As the first public reports of criminals exploiting the flaw began to surface in July, security experts once again called for widespread adoption of "DNSSec," an extension for DNS that adds authentication and data integrity to the system. Meanwhile, a Russian physicist recently showed how he was able to exploit networks even after they were protected by Kaminsky's DNS patch.
PM contributor Brian Krebs is The Washington Post's computer security reporter. Check out his daily blog, Security Fix, right here.
All replies:
• Only 3 of the 10 wear glasses, and these are computer people. -帅康- ♂ (44 bytes) 10/09/2008 03:23:07
• Probably another 5 wear contact lenses; young people are all like that these days. -π- ♂ (0 bytes) 10/09/2008 08:32:40
• Cool, too bad I can't become a hacker -rainygan- ♀ (0 bytes) 10/09/2008 18:56:44
• Not a single Chinese person among them -lanyu- ♀ (0 bytes) 10/10/2008 12:19:42