*** Welcome to piglix ***

Dan Kaminsky

Dan Kaminsky
Dan Kaminsky2015portrait.jpg
Kaminsky in 2015
Occupation Computer security researcher
Known for Discovering the 2008 DNS cache poisoning vulnerability

Dan Kaminsky is an American security researcher. He is the Chief Scientist of White Ops, a firm specializing in detecting malware activity via JavaScript. He has worked for Cisco, Avaya, and IOActive, where he was the Director of Penetration Testing. He is known among computer security experts for his work on DNS cache poisoning, and for showing that the Sony Rootkit had infected at least 568,200 computers and for his talks at the Black Hat Briefings.

In June 2010, Kaminsky released Interpolique, a beta framework for addressing injection attacks such as SQL Injection and Cross Site Scripting in a manner comfortable to developers.

On June 16, 2010, he was named by ICANN as one of the Trusted Community Representatives for the DNSSEC root.

In July 2008, the CERT Coordination Center announced that Kaminsky had discovered a fundamental flaw in the Domain Name System (DNS) protocol. The flaw could allow attackers to easily perform cache poisoning attacks on most nameservers (djbdns, PowerDNS, MaraDNS, Secure64 and Unbound were not vulnerable). With most Internet-based applications depending on DNS to locate their peers, a wide range of attacks became feasible, including web site impersonation, email interception, and authentication bypass via the "Forgot My Password" feature on many popular websites.

Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008. The vulnerability itself has not been fully fixed, as it is a design flaw in DNS itself.


...
Wikipedia

...