Throughout his career, Dan chose the course that he felt would best safeguard both people and the internet
Recently, we unexpectedly lost Dan Kaminsky, one of the security research world's best-known researchers. Dan was extremely concerned and very well-liked. He also did something in 2008 that truly helped save the Internet.
Dan was what we in the industry call a “penetration tester” – or “pen tester” – which is somebody who attempts to find issues so they can be repaired before malicious people find them and attack them. He was a hero working tirelessly behind the scenes in a never-ending race against the bad men who wanted to commit criminal offenses online.
In 2008, Dan discovered an issue in the Domain Name System (DNS). It's run by servers around the world and is so crucial that some have special security protecting them. Dan would later be one of an extremely small handful of people trusted with the keys to some of these most vital servers.
The issue Dan discovered affected pretty much all DNS servers online at the time. We're talking about tens of thousands of servers all over the world, running software from dozens of companies and projects.
Dan Kaminsky (Image credit: The New York Times).
After he discovered this problem, Dan had to decide what to do with this information. Dan chose to try to get this fixed by working in complete confidence with everybody who made DNS servers.
It was the biggest coordinated response to an issue like this the world had seen so far (and might well still be the largest). For months, software engineers at companies like Microsoft (where Dan and I were both working on this at the time) and Apple, organizations like BIND and OpenDNS, and others collaborated to come up with a solution and put it into our products. It was an incredibly complicated undertaking and we had to work as fast as possible in case someone else learned about this or leaked the information before we fixed it.
On July 8, 2008, security coordinating organizations including CERT-CC in the United States and its peers worldwide, and makers of DNS server software like Microsoft, Red Hat, IBM, Sun, and Apple, to name a few, began to release their advisories and patches for this problem. To get an idea of the number of companies that were involved, you can see that the CERT-CC advisory lists 91 vendors all over the world that were affected.
It was so successful that the issue was never really effectively attacked. And, most notably, the web never crashed.
Dan would go on to share his findings with the security research world 3 weeks later at the Black Hat conference, where security researchers routinely share their findings. It was one of the most attended sessions in its history. You can hear Dan talk about it himself here.
I've left out some details that are specific to the security research world, such as the controversy about Dan's choice to work confidentially instead of publicizing the issue as soon as he found it. There are good arguments on both sides of this and it's a question that always has (and always will) divide the security research world. The crucial thing on this point is that Dan took the path that he felt would best protect people and the internet, and he was successful because.
There's a fantastic brief video of Dan discussing the issue himself here that goes more into both the history and technical details of this. It also gives a sense of his style and character and helps show why he was such a popular presenter at Black Hat.
As a person, Dan was humble and giving. He supported others' research and worked to encourage and lift people up. He was the opposite of the negative stereotype of a “hacker.” He also embodied the positive qualities of a great security researcher. He was among the tens of thousands of people who are working so hard every day to keep you, me, and the web safe. You hear about all that goes wrong, but you seldom – if ever – hear of all the quieter successes like this when things go. And things like this happen all the time.
Dan's unexpected passing at 42 is a loss not just for the security research world, but for the world at large. And so I hope I've been able to show that we all owe Dan our gratitude for the work he did then, and beyond that.