https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html
>https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html
Daniel Kaminsky, Internet Security Savior, Dies at 42
If you are reading this obituary online, you owe your digital safety to him.
Daniel Kaminsky, a security researcher known for his discovery of a fundamental flaw in the fabric of the internet, died on Friday at his home in San Francisco. He was 42.
His aunt, Dr. Toby Maurer, said the cause was diabetic ketoacidosis, a condition that led to frequent hospitalizations in recent years.
In 2008, Mr. Kaminsky was widely hailed as a digital Paul Revere after he found a serious flaw in the internet’s basic plumbing that could allow skilled coders to take over websites, siphon off bank credentials or even shut down the internet. Mr. Kaminsky alerted the Department of Homeland Security, executives at Microsoft and Cisco, and other internet security experts to the problem and helped spearhead a patch.
He was a respected practitioner of “penetration testing,” the business of compromising the security of computer systems at the behest of owners who want to harden their systems from attack. It was a profession that his mother, Trudy Maurer, said he had first developed a knack for as a 4-year-old in San Francisco, after his father gave him a computer from Radio Shack. By age 5 he had taught himself to code.
His childhood paralleled the 1983 movie “War Games,” in which a teenager, played by Matthew Broderick, unwittingly accesses a U.S. military supercomputer. When Daniel was 11, his mother said, she received an angry phone call from someone who identified himself as a network administrator for the Western United States. The administrator said someone at her residence was “monkeying around in territories where he shouldn’t be monkeying around.”
Without her knowledge, Daniel had been examining military websites. The administrator vowed to “punish” him by cutting off the family’s internet access. Mrs. Maurer warned the administrator that if he made good on his threat, she would take out an advertisement in The San Francisco Chronicle denouncing the Pentagon’s security.
“I will take out an ad that says, ‘Your security is so crappy, even an 11-year-old can break it,’” she recalled telling the administrator, in an interview on Monday.
They settled on a compromise punishment: three days without internet.
Nearly two decades after he lost his access to the internet, Mr. Kaminsky wound up saving it. What Mr. Kaminsky discovered in 2008 was a problem with the internet’s basic address system, known as the Domain Name System, or DNS, a dynamic phone book that converts human-friendly web addresses like NYTimes.com and Google.com into their machine-friendly numeric counterparts. He found a way that thieves or spies could covertly manipulate DNS traffic so that a person typing the website for a bank would instead be redirected to an impostor site that could steal the user’s account number and password.
Mr. Kaminsky’s first call was to Paul Vixie, a longtime steward of the internet’s DNS system. The usually unflappable Mr. Vixie recalled that his panic grew as he listened to Mr. Kaminsky’s explanation.
“I realized we were looking down the gun barrel of history,” Mr. Vixie recalled. “It meant everything in the digital universe was going to have to get patched.”
https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/
Computer security world in mourning over death of Dan Kaminsky, aged 42
Obit Celebrated information security researcher Dan Kaminsky, known not just for his technical ability but also for his compassion and support for those in his industry, has died. He was 42.
Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet's infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades.
Not that Dan was the celebrity type. When he disclosed the DNS poisoning flaw at that year's Black Hat conference, he looked distinctly uncomfortable in a suit – the first time many had seen him wear one – though when it came to explaining the vulnerability and its solution, he was unparalleled.
When your Register hack asked Kaminsky why he hadn't gone to the dark side and used the flaw to become immensely wealthy – either by exploiting it to hijack millions of netizens' web traffic, or by selling details of it to the highest bidders – he said not only would that have been morally wrong, he didn't want his mom to have to visit him in prison. You can read more technical info on the DNS flaw here.
Besides discovering the domain-name system weakness, he had been a stalwart of the security research scene for years, and was a much-loved regular at conferences big and small. You can find a YouTube playlist of his DEF CON presentations, for instance, here. He would talk with and advise anyone – even paying the entrance fees for some researchers or letting them crash on his hotel room floor – and it was this generosity that people are overwhelmingly remembering this weekend.
For example, in 2005, Sony BMG decided to install rootkits on people's PCs without telling them to counter CD music piracy. Company president Thomas Hesse argued that "most people, I think, don't even know what a rootkit is, so why should they care about it?" After the issue was identified by Mark Russinovich, now CTO of Microsoft Azure, Kaminsky helped in identifying just how many folks likely had the anti-piracy mechanism on their systems – in short, more than a third-of-a-million networks had computers touched by Sony BMG's code.
He also did sterling work in working with others to spot flaws in SSL, and in automating the detection of Conficker malware infections. Outside of these high-profile discoveries, Kaminsky was beloved by so many because he had a sense of fun and clearly enjoyed collaborating with folks.
His conference talks at Black Hat, DEF CON, and smaller cons were often overbooked and standing-room only at the back. He had an unerring knack for finding elegant or interesting ways of probing code, explaining the ramifications to an audience, and then answering as many questions as he could.
As a journalist, this was a blessing for your vulture – Kaminsky had no animosity to the press if they were trying to get the full story out, and would explain stuff quickly and simply to make sure coverage was accurate. This hack remembers cancelling dinner plans when he called late one afternoon with an interesting tale: you knew it was going to be a late night of reporting work though it would be worth it.
There is now a move to see Kaminsky inducted into the Internet Hall of Fame. It is an accolade he thoroughly deserves.
In a statement thanking everyone for their kind words, Kaminsky's family said he died as a result of diabetic ketoacidosis, and asked for privacy at this time.
>You can read more technical info on the DNS flaw here.
https://www.kb.cert.org/vuls/id/800113
Multiple DNS implementations vulnerable to cache poisoning
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.
^(?!(Anonymous$|Q$|Ron$))
>We need to blow up the mind control base we call the moon.