Dan Kaminsky

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Mark Bergsma (talk | contribs) at 11:33, 9 July 2008 (remove doc template, add link to DNS). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Dan Kaminsky is a security researcher for IOActive who previously worked for Cisco and Avaya.[1][2] Kaminsky is known for refining DNS cache snooping to show that the Sony rootkit had infected at least 568,200 computers.[3] Kaminsky works as the Director of Penetration Testing.[4] His work on DNS cache snooping and other techniques has made him well-known among computer security experts.[1][3] Kaminsky is also known for his talks at the Black Hat Briefings.[2]

Sony rootkit

During the Sony BMG CD copy prevention scandal, Kaminsky used DNS cache snooping to find out whether DNS servers had recently resolved any of the domains contacted by the Sony rootkit. He used this technique to estimate that there were at least 568,200 networks that had computers with the rootkit.[3]

Earthlink and DNS lookup

In April 2008 Kaminsky discovered a serious vulnerability in how Earthlink handled failed DNS lookups.[1] The vulnerability could apply to other ISPs as well. Various ISPs have experimented with intercepting the error responses returned for non-existent domain names and replacing them with advertising content. This could allow hackers to set up phishing schemes by attacking the server responsible for the advertisements and linking to non-existent subdomains of the targeted websites. Kaminsky demonstrated this process by setting up Rickrolls on Facebook and PayPal.[1][5] While the vulnerability as initially exploited depended in part on Earthlink's use of BareFruit to provide its advertising, Kaminsky was able to generalize the vulnerability to attack Verizon by attacking its ad provider, Paxfire.[6]

Kaminsky went public with the vulnerability after reports emerged that Network Solutions was using a service similar to that used by Earthlink.[7]
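The interception described above can be checked for from the client side: a query for a label that cannot exist should come back as NXDOMAIN, and a resolver that instead returns an A record is substituting an address. The following is an added example (not code from the article or from Kaminsky): a minimal DNS message builder and parser that classifies such a response, with two constructed sample responses (the name, transaction id and 192.0.2.10 address are made up) standing in for what a real resolver would send.

```python
import struct

def build_query(name, txid):
    """Build a minimal DNS A query (RD=1) for `name` with transaction id `txid`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer occupies 2 bytes
            return off + 2
        off += 1 + length

def classify_response(msg, expected_txid):
    """'nxdomain' for an honest error, 'rewritten:<ips>' if an address was substituted."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        return "txid-mismatch"
    rcode = flags & 0x000F              # 3 == NXDOMAIN
    off = 12
    for _ in range(qd):                 # skip the echoed question section
        off = _skip_name(msg, off) + 4
    a_records = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            a_records.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    if rcode == 3 and not a_records:
        return "nxdomain"
    if rcode == 0 and a_records:
        return "rewritten:" + ",".join(a_records)
    return "other"

def _fake_response(query, rcode, addr):
    """Constructed sample: echo the question, set QR and rcode, optionally add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    body = query[12:]
    if addr:   # name is a pointer to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in addr.split("."))
    return header + body

# In practice use a random label so the answer cannot come from cache; fixed here for the sample.
TXID = 0x1234
QUERY = build_query("surely-nonexistent-label.example.com", TXID)
HONEST = _fake_response(QUERY, 3, None)            # constructed: proper NXDOMAIN
HIJACKED = _fake_response(QUERY, 0, "192.0.2.10")  # constructed: ad server substituted
```

To check a live resolver, send `QUERY` over UDP to port 53 and pass the reply to `classify_response`; anything other than `nxdomain` for a random label means the resolver is rewriting errors.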

Flaw in DNS

In July 2008, CERT announced that Kaminsky had discovered a fundamental flaw in the DNS protocol itself. The flaw could allow attackers to easily perform cache poisoning attacks[8] on any nameserver. Kaminsky had worked with DNS vendors in secret since earlier in the year to develop a patch, which was released on July 8, 2008.[9]

References

  1. Ryan Singel (2008-04-19). "ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses". Wired. Retrieved 2008-05-19.
  2. Michael S. Mimoso (2008-04-14). "Kaminsky on DNS rebinding attacks, hacking techniques". Search Security. Retrieved 2008-05-19.
  3. Quinn Norton (2005-11-15). "Sony Numbers Add Up to Trouble". Wired. Retrieved 2008-05-19.
  4. "Dan Kaminsky". IOActive. Retrieved 2005-11-15.
  5. "ToorCon Seattle 2008: Nuke plants, non-existent sub domain attacks, muffin diving, and Guitar Hero". Zero Day. ZDNet.com.
  6. Brian Krebs (2008-04-30). "More Trouble With Ads on ISPs' Error Pages". Washington Post. Retrieved 2008-05-19.
  7. Robert McMillan (2008-04-19). "EarthLink Redirect Service Poses Security Risk, Expert Says". PC World. Retrieved 2008-05-19.
  8. CERT Advisory.
  9. "Fixes Released for Massive Internet Security Issue".