Bio

Dan Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases.

Dan is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Dan is the American representative. Dan is presently developing systems to reduce the cost and complexity of securing critical infrastructure.

Comments (0) Trackbacks (31) Trackback

No comments yet.

July 10, 2008 at 12:01 am | #1

Internet : Une énorme faille colmatée | E-commerce blog
July 10, 2008 at 3:35 pm | #2

Loopback Filter with Truman Boyes » Blog Archive » Checking to see if DNS server is using random ports
July 10, 2008 at 7:22 pm | #3

Faille de securité DNS critique | webmaster-dz
July 16, 2008 at 7:05 am | #4

Cómo de crítico era el fallo en los servidores DNS (I) | Enchufa2
July 16, 2008 at 12:22 pm | #5

McGrew Security Blog » Blog Archive » Black Ops: The Talks of Dan Kaminsky
July 21, 2008 at 3:46 pm | #6

petru.blog : The end of the internet
July 22, 2008 at 5:41 am | #7

DNS Problem « Andy ITGuy
July 22, 2008 at 10:56 am | #8

Blayne Sucks » Protocol-level DNS Flaw
July 23, 2008 at 1:38 am | #9

Liberan detalles del problema con los DNS « SeMaToVe
July 23, 2008 at 3:50 am | #10

Liberan detalles del problema con los DNS – Foro de Informatica para tod@s! -Necesitamos expertos en Photoshop
July 23, 2008 at 5:00 am | #11

» Liberan detalles del problema con los DNS | Computadora Z3 | La primera máquina programable y completamente automática !!!
July 23, 2008 at 2:51 pm | #12

Liberan detalles del problema con los DNS | WwW
July 24, 2008 at 12:01 am | #13

Metasploit Releases DNS Explot Code
July 24, 2008 at 7:08 am | #14

Overheard: Fixing DNS – Overheard in the tech blogosphere
July 25, 2008 at 12:01 am | #15

Edgelings.com » Dawn Patrol–A Black Hole Inside the Net; China Swarms the Web
July 26, 2008 at 4:31 am | #16

ON ERROR GOTO / gotocosmik.com » Blog Archive » Detalles vulnerabilidad DNS reportada
July 28, 2008 at 4:54 pm | #17

The ‘BailiWicked’ Problem | TrendLabs | Malware Blog – by Trend Micro
July 28, 2008 at 5:33 pm | #18

Latest Antivirus Updates » The ‘BailiWicked’ Problem
August 1, 2008 at 6:46 pm | #19

My hacker, my hero |
August 6, 2008 at 10:06 pm | #20

AndyG5000/Digital Porch Blog » Blog Archive
August 8, 2008 at 9:07 pm | #21

Video sobre los arreglos de las vulnerabilidades en los dns : Tengo Un.Com.ar
September 30, 2008 at 3:22 pm | #22

Vulnerabilidad DNS | lqsm ocurra …
December 1, 2008 at 11:47 am | #23

GAK CITY » 394. They found a hole in the Internet…..
December 1, 2008 at 5:02 pm | #24

Finance Geek » Secret Geek A-Team Hacks Back, Defends Worldwide Web
December 2, 2008 at 1:03 am | #25

Wired: Kaminsky DNS Write Up
December 3, 2008 at 10:54 am | #26

Hypnotizing Rabbit » Blog Archive » The honest hacker
February 28, 2009 at 4:06 pm | #27

The DNSSEC Groundswell » The .ORG Blog
March 2, 2009 at 9:00 am | #28

Black Hat Interviews Dan Kaminsky | Infosecurity.US
March 19, 2009 at 6:02 pm | #29

The DNSSEC Industry Coalition Meets to "Make It So" | domain names |
April 2, 2009 at 10:59 am | #30

DNSSEC Industry Coalition Meets with Vint Cerf and Dan Kaminsky
July 26, 2009 at 8:25 am | #31

Una año despues del fallo de DNS y OpenSSL (ssh) | RetroNet

Comments are closed.

Security Talks

2010

Introducing The Domain Key Infrastructure:
Zero Configuration DNSSEC Serving, End-To-End Client Integration w/ UI Via OpenSSL and Secure Proxies, Federated OpenSSH, DNS over HTTP/X.509, Self-Securing URLs, Secure Scalable Email (Finally!)
Slides
Code (Phreebird Suite)
Black Hat USA Slides

Interpolique:
Where's The Safety in Type Safety?, Preventing Injection Attacks (XSS/SQL) With String Safety, Why Ease Of Use Matters, Automatic Query Parameterization, How LISP Was Right About Dynamic Scope, Dynamic DOM Manipulation For Secure Integration of Untrusted HTML
Slides Audio
Code

Realism in Web Defense:
Why Security Fails, What's Wrong With Session Management On The Web, The Failure Of Referrer Checking, Interpreter Suicide, Towards a Real Session Context, Treelocking, The Beginnings of Interpolique
Slides
2009

Staring Into The Abyss:
Middleware Fingerprinting, Firewall Rule Bypass, Internal Address Disclosure, Same Origin Attacks Against Proxied Hosts, TCP NAT2NAT via Active FTP And TCP Spoofing
Slides Paper

Black Ops Of PKI:
Structural Weaknesses of X.509, Architectural Advantages of DNSSEC, ASN.1 Confusion, Null Terminator Attacks Against Certificates
Slides Video
Financial Cryptography Paper
2008

It's The End Of The Cache As We Know It:
DNS Server+Client Cache Poisoning, Issues with SSL, Breaking “Forgot My Password” Systems, Attacking Autoupdaters and Unhardened Parsers, Rerouting Internal Traffic
Black Hat Slides
BH Fed Slides (Adds Drupal, DNSSEC)
Video Audio
"Illustrated Guide To The Kaminsky Bug"
Sarah on DNS

Ad Injection Gone Wild:
Subdomain NXDOMAIN injection for Universal Cross Site Scripting
Slides
2007

Design Reviewing The Web:
DNS Rebinding, VPN to the Browser, Provider Hostility Detection, Audio CAPTCHA Analysis
Slides Video
2006

Pattern Recognition:
Net Neutrality Violation Detection, Large Scale SSL Scanning, Securing Online Banking, Cryptomnemonics, Context Free Grammar Fuzzing, Security Dotplots
Slides
Weaponizing Noam Chomsky, or Hacking with Pattern Languages:
The Nymic Domain, XML Trees For Automatically Extracted Grammar, Syntax Highlighting for Compression Depth, Live Discovered Grammar Rendering, "CFG9000" Context Free Grammar Fuzzer, Dotplots for Format Identification and Fuzzer Guidance, Tilt Shift Dotplots, Visual Bindiff
Slides Video Code
2005:

Black Ops of TCP/IP 2005.5:
Worldwide DNS Scans, Temporal IDS Evasion, the Sony Rootkit, MD5 Conflation of Web Pages
Slides Video
2004:

MD5 To Be Considered Harmful Someday:
Applied Attacks Against Simple Collisions Via Malicious Appendage, Executable Confusion, Auditor Bypass, Bit Commitment Shirking, HMAC Implications, Collision Steganography, P2P Attacks Against Kazaa Hash
Slides Paper
Code (Confoo)
Code (Stripwire)

Black Ops of DNS:
Tunneling Audio, Video, and SSH over DNS
Slides Audio
Code (OzymanDNS 0.1)
Code (OzymanDNS 0.1 for Windows)
2003:

Stack Black Ops:
Generic ActiveX, SQL for Large Network Scans, Bandwidth Brokering, SSL for IDS’s
Slides Audio
Code (Paketto Keiretsu 2.00pre5)
2002:

Black Ops of TCP/IP:
High Speed Scanning, Parasitic Traceroute, TCP NAT2NAT
Slides Audio 1 Audio 2
Code (Paketto Keiretsu 1.01)
2001:

Gateway Cryptography:
SSH Dynamic Forwarding, Securing Meet-In-The-Middle, PPTP over SSH
Slides Audio
SSH Cheat Sheet

@dakami

RT @zulladan: Google Chrome's security team is amazingly fast. Apple hasn't responded to any of my bug reports in 6 years. 1 hour ago
RT @ericlaw: Want to see why domain sharding is a bad idea? Look at Will Chan's graphs: insouciant.org/tech/network-c… #webperf 1 hour ago
I'll take your drama of the hour, and raise you "my buddy @jaysonstreet is cancer free after all". Today was a good day. 1 hour ago
RT @Unit_61399: Not sure what all this noise is about us 'resuming' attacks, we never fuckin stopped. idiots. 3 hours ago
RT @radiomaru: It’s ok to suck. Y’all aspiring creative whatevers, it’s ok to suck. Please suck so that I can be better than you 3 hours ago
RT @quinnnorton: "The one thing all theoriticians of every stripe have is..." "a barn full of spherical cows?" "Well." 3 hours ago
RT @janl: Yo flickr, lookin’ good! 3 hours ago

Dan Kaminsky's Blog

Bio

Like this:

Email Subscription

Contact Information

Major Projects

Security Talks

Other Research

@dakami

Login

Follow “Dan Kaminsky's Blog”