Dan Kaminsky

From Wikipedia, the free encyclopedia

Dan Kaminsky is a security researcher for IOActive who used to work for Cisco and Avaya.[1][2] Kaminsky is known for refining DNS cache snooping to show that the Sony Rootkit had infected at least 568,200 computers.[3] Kaminsky works as the Director of Penetration Testing.[4] Kaminsky's work with DNS cache snooping and other work has made him well known among computer security experts.[1][3] Kaminsky is also known for his talks at the Black Hat Briefings.[2]

Sony rootkit

During the Sony BMG CD copy prevention scandal, Kaminsky used DNS cache snooping to find out if servers had recently contacted any of the domains accessed by the Sony rootkit. He used this technique to estimate that there were at least 568,200 networks that had computers with the rootkit.[3]

Earthlink and DNS lookup

In April 2008, Kaminsky discovered a serious vulnerability in how Earthlink handled failed DNS lookups.[1] The vulnerability could apply to other ISPs as well. Various ISPs have experimented with intercepting the responses for non-existent domain names and replacing them with advertising content. This could allow hackers to set up phishing schemes by attacking the server responsible for the advertisements and linking to non-existent subdomains of the targeted websites. Kaminsky demonstrated this process by setting up Rickrolls on Facebook and PayPal.[1][5] While the vulnerability initially used depended in part on the fact that Earthlink was using BareFruit to provide its advertising, Kaminsky was able to generalize the vulnerability to attack Verizon by attacking its ad provider, Paxfire.[6]

Kaminsky went public with the vulnerability after reports emerged that Network Solutions was using a service similar to that used by Earthlink.[7]

References

  1. Ryan Singel. "ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses", Wired, 2008-04-19. Retrieved on 2008-05-19.
  2. Michael S. Mimoso. "Kaminsky on DNS rebinding attacks, hacking techniques", Search Security, 2008-04-14. Retrieved on 2008-05-19.
  3. Quinn Norton. "Sony Numbers Add Up to Trouble", Wired, 2005-11-15. Retrieved on 2008-05-19.
  4. Dan Kaminsky. IOActive. Retrieved on 2005-11-15.
  5. "ToorCon Seattle 2008: Nuke plants, non-existent sub domain attacks, muffin diving, and Guitar Hero", Zero Day, ZDNet.com.
  6. Brian Krebs. "More Trouble With Ads on ISPs' Error Pages", Washington Post, 2008-04-30. Retrieved on 2008-05-19.
  7. Robert McMillan. "EarthLink Redirect Service Poses Security Risk, Expert Says", PC World, 2008-04-19. Retrieved on 2008-05-19.