Meet The Secret Geek A-Team Who Discovered Critical Internet Security Flaw And Saved The Worldwide Web


First Posted: 12- 1-08 07:09 PM   |   Updated: 01- 1-09 05:12 AM

Hackers

Wired:

In June 2005, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcut--an elegant exercise hack--so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow.

He spent the next few weeks stuck at home in a Percocet-tinged haze. Before the injury, he'd spent his days testing the inner workings of software programs. Tech companies hired him to root out security holes before hackers could find them. Kaminsky did it well. He had a knack for breaking things--bones and software alike.

Read the whole story: Wired

Filed by Nick Graham
 
Comments

It is worth noting that even WIRED is on the Huffington Post.

Particularly as news breaks that Secretary Gates (no relation of Bill Gates) is staying on at the Pentagon in this new Administration.

Manuel

Posted 04:53 PM on 12/02/2008

So it's true: The Geeks Shall Inherit the Earth

Posted 04:17 PM on 12/02/2008

- carlgt1

99.9% of these "security geniuses" just invent BS to puff up their own egos & wallets.

Posted 01:43 PM on 12/02/2008

- Exusian

Maybe, but then all it takes is just 0.1% that are true geniuses to bring it all crashing down.

Posted 02:00 PM on 12/02/2008

OMG - Paul Vixie looks just like the T888 model Terminator named Myron Stark from last night's episode of TSCC.

Maybe that security flaw in the Internet was our last defense against SkyNet. Anyone think of that? Huh?

Posted 12:34 PM on 12/02/2008

- Babysnake

F*-.u. c*/K me!

Posted 11:42 AM on 12/02/2008

- NWBrunette

The internet is built on a house of cards. Lots of talented people work tirelessly to keep it upright. But it's still a house of cards.

Posted 10:14 AM on 12/02/2008

- Sundialsvc4

The populist image is undoubtedly just like what this headline says... but the truth is exactly the opposite (well, except maybe for the "geek" part ;-) ). As I like to say to people, "what if bridges were built that way?" They're not, of course, and this is why they're not.

The security and integrity of the Internet is built upon openness ... not secrecy. Even the military segments are built that way, because it is well-understood that "it is what you don't realize that hurts you." Although not all algorithms and methods are public, all of them are subjected to open peer-review. (The term for any vague "I can't tell you anything about it because it's so unbreakable" defense against an equally-vague threat is... "snake oil.")

This is the Internet. The truth is not even hard to find.

Posted 08:52 AM on 12/02/2008

Crap article

Every serious Techie knew about the flaw from way back.

Why are they trying to make these dudes heroes?

Posted 01:30 AM on 12/02/2008

- shel3364

You're so full of s**t.

If every "serious techie knew about this flaw from way back" then it would have been exploited by malicious techies.

Posted 10:51 AM on 12/02/2008

It HAS been exploited. Seriously, do you think hacking doesn't happen? Hacking happens every day. It's happening right now. The internet is never secure. Again, Dan Bernstein discovered this back in 1999--a full 9 years before Kaminsky claims to have "discovered" it. Bernstein created a fix for it almost a decade ago.

Posted 12:13 PM on 12/02/2008

- ohmetoo

Wasn't it a movie, "War Games"?

Posted 11:32 PM on 12/02/2008

- Ajita

If Huffington Post is going to put such stories on the front page, it would help if they were labeled as what they are.

Posted 01:22 AM on 12/02/2008

- Tatiana

Percocet, a miracle drug.

Posted 10:35 PM on 12/01/2008

Sensationalist article, and ultimately nonsense.

This "flaw" was discovered back in '99. It was nothing new. And while Dan is a very talented consultant, this article does little but feed his overinflated ego. He's far from the best in the game.

Posted 08:49 PM on 12/01/2008

- dawp

If the flaw was known in '99, why was such a serious flaw not fixed then?

Posted 09:50 AM on 12/02/2008

Because the danger it posed is completely overblown. This article is full of great buzzwords and lots of words that convey raw, primal emotion and fear to make it sound like the entire industry was rocked and quaking in their boots. This was not the case. The actuality is that the possible havoc that could have been wreaked by that exploit was minimal due to the sheer amount of traffic that goes through the core routers that make up the internet. Any altered DNS entries would be fixed within moments of their original adjustments.

Are mere moments enough for damage to take place via a hacker? Absolutely. But the internet is never secure. I could get into any site on the internet if I wanted to, guaranteed. It's just how things are. There are people who "know stuff" and there are people who don't.

And not only all that, but the problem WAS addressed in 1999. The person who discovered it back then created a fix for it--it just never took off, because nobody deemed the threat important enough to implement the new protocols. Dan Bernstein is the original "finder" of this flaw, and created something called djbdns. Go look it up. This fix was created long before Dan here ever "found" it--again....9 years later.

Posted 12:11 PM on 12/02/2008