dankaminsky   26

'Born at the Right Time': How Kid Hackers Became Cyberwarriors - NBC News.com
"The Internet was never designed to be safe and secure," said Dan Kaminsky, 35, renowned for discovering a flaw in the Internet's domain name system and the founder of a bot- and malware-detection firm called White Ops. "And when security started being a problem, the people who really knew what to do about it were us."

Jay Kaplan, 29, a former NSA counterterrorism agent who in 2013 co-founded Synack, a venture capital-backed firm that recruits security experts from around the world to help companies find bugs in their networks. "Where there's a need, there's money for companies that have a solution."
dankaminsky  siliconvalley  entrepreneurship  entre  business  ceo  hacker  hackers 
january 2015 by bwiese
The DEFCON Documentary Preview Reel
"My talk's just stories. And that's the one thing I advise everyone else giving a speech: you're telling a story ... to your friends, about some cool stuff. I have hundreds of hours of research that I tie together to a coherent explanation of the world." (Dan Kaminsky)

"The best moments at DEFCON are always going to be at four in the morning when someone's showing off some really silly stunt that they built - maybe it's good or maybe it's not, but man, they love it, and they enjoy talking about it." (Dan Kaminsky)
narration  nerd  social  jasonscott  culture  video  dankaminsky  dan  hacker  hacking  defcon 
december 2012 by gohai
An open letter to Netflix from the authors of the de-anonymization paper « 33 Bits of Entropy
The researchers behind the de-anonymisation paper deplore the cancellation of the second phase of the Netflix prize:
"One of us has publicly referred to the dampening of research as the “worst possible outcome” of privacy studies."
They suggest an approach where algorithms are tested on the owner's infrastructure:
"setting up an online system for data analysis rather than an “anonymize and release” approach"

Interesting comments from Dan Kaminsky:
"any system patterned enough to be predicted, is patterned enough to be correlated with external data sources"
privacy  netflix  research  2010  opendata  anonymization  anonymisation  dankaminsky  anonymity  datamining 
march 2010 by pascalvanhecke
HOWTO Make a DNS dead-drop - Boing Boing
Landon Fuller figured out a nice application for Dan Kaminsky's DNS hack — using DNS servers on the public Internet as "dead drops," with messages stashed on them that can only be retrieved by people with the secret:


In each DNS query, 7 bits are reserved for a number of flags, one of which is the Recursion Desired (RD) flag. If set to 0, the queried DNS server will not attempt to recurse — it will only provide answers from its cache.

Combine this with a wildcard zone and it's possible to signal bits (RD on), and read them (RD off). To set a bit to 1 the sender issues a query with the RD bit on. The wildcard zone resolves all requests, including this query. The receiver then issues a query for the same hostname, with the RD bit off. If the bit is 1, the query will return a valid record. If the bit is 0, no record will be returned.

So, it's easy to signal a single bit, but what if you want to share more than 1 bit of data? This requires both sides to compute a list of records — one record for every bit of data we wish to send. In my implementation, I chose to do this with a pre-shared word list and initialization vector (IV). Given the same word list and IV, both sender and receiver can independently compute an identical mapping of words to bit positions. The sender can then signal the '1' bits, and the receiver can query all bits.
DNS  hacking  interesting  from:BoingBoing  via:BruceSchneier  security  to-read  DanKaminsky  LandonFuller  crypto 
december 2008 by owenblacker
The Dan Kaminsky Soundboard
I mostly like clicking the one that makes Dan say "make penis fast".
humor  dns  soundboard  dankaminsky 
august 2008 by boogah
Dan Kaminsky's DNS Black Hat video
Black Hat has published the media from Dan Kaminsky's infamous DNS vulnerability talk. You can get the full video (101MB) or just the audio. The full archive of slides and white papers from this year has been posted too.
blackhat  blackhat2008  dankaminsky  dns  slides  video  whitepaper  from google
august 2008 by DarkHalf
Business Technology : Disclosing a Hole in the Internet
"A security researcher Wednesday made public a way to exploit a flaw in the way the Internet was constructed, one that could allow a bad guy to intercept every email, copy every Web site, and steal just about every piece of information sent over the network. Telling the world about the flaw, he argues, was the only way to save the Internet ..."

Nice piece about Kaminsky and the DNS hole.
dankaminsky  wsj  security  opensource 
august 2008 by quince
An Illustrated Guide to the Kaminsky DNS Vulnerability
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.
dankaminsky  security  reference  dns  network  internet  hack  blackhat 
august 2008 by quince
Securing DNS on OSX
It's been a few weeks since [Dan Kaminsky] announced the nature of the DNS vulnerability and allowed 30 days of non-disclosure for patches to be applied before details of the exploit went public. Unfortunately, the details were leaked early and it didn't take long for a functional exploit to be released into the wild. Since then, many ISPs have taken steps to prevent their users from falling victim to the attack, and BIND, the widely-used DNS protocol implementation, was updated to minimize the threat. Even then, there were reports of a version of the attack being actively used on AT&T's DNS servers.

Mac OSX uses a BIND implementation but as of yet, Apple has not released a patch updating the system (Microsoft, on the other hand, patched this up on July 8). As a result, machines running OSX are at risk of being exploited. Individual users are less likely to be targeted, since the attacks are directed towards servers, but it's not a smart idea to leave this vulnerability open. [Glenn Fleishman] has published a way to update BIND on OSX manually, rather than waiting on Apple to patch it themselves. It requires Xcode and a bit of terminal work, but it's a relatively painless update. When we tried it, the "make test" step skipped a few tests and told us to run "bin/tests/system/ifconfig.sh up". That allowed us to re-run the tests and continue the update without further interruption. [Fleishman] warns that people who manually update BIND may break the official update, but he will update his instructions when it happens with any possible workarounds. Unfortunately, this fix only works for 10.5 but alternative, yet less effective methods may work for 10.4 and earlier.

If you'd like to know if your preferred DNS servers are vulnerable or not, you can use the DNS checker tool from Doxpara. As an alternative to your ISP's DNS servers, you can use OpenDNS, which many prefer for its security features and configuration options.
apple  dankaminsky  dns  dnsattack  mac  OsX  terminal  vulnerability  from google
july 2008 by rjmolesa
DNS exploit in the wild
We've been tracking Metasploit commits since Matasano's premature publication of [Dan Kaminsky]'s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: "ZOMG. What is this? >:-)"). [HD] told Threat Level that it doesn't work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU's advisory. For a more detailed description of how the attack works, see this mirror of Matasano's post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]'s site.
cache  dankaminsky  dns  druid  exploit  hdmoore  matasano  metasploit  from google
july 2008 by rjmolesa
