How Dan Kaminsky broke and fixed DNS

Discuss

7 Responses to “How Dan Kaminsky broke and fixed DNS”

  1. Stickarm says:

    “Sigh. A meeting of executives. It would have gone so much faster if they skipped that part and got on with sending the details to the engineers via encrypted mail.”

    Uh, no. Wrong. Did you read the story?

    “And then, on July 21, a complete description of the exploit appeared on the Web site of Ptacek’s company. He claimed it was an accident but acknowledged that he had prepared a description of the hack so he could release it concurrently with Kaminsky. By the time he removed it, the description had traversed the Web. The DNS community had kept the secret for months. The computer security community couldn’t keep it 12 days.”

    The “executives” you’re criticizing clearly did a great job.

    This was a really excellent bit of writing on the part of Wired’s Joshua Davis, I think. It’s exciting in exactly the same way Bruce Sterling’s Hacker Crackdown book is exciting — thrilling because it’s very clear and everything you hear about is familiar and non-mysterious.

    Hollywood should learn this lesson, everyone who has ever tried or will try to create any fiction that even remotely touches on this topic should learn this lesson: it’s stronger if it’s built from things that are real.

  2. palindromic says:

    This is a great story, and one that isn’t finished being a story either. Apparently this flaw is still exploitable, and I have network engineer friends who have had to deal with it, recently even. Yikes.

  3. arkizzle says:

    It reads a little like Underground, too. Great book, definitely check it out if you haven’t before.

  4. arkizzle says:

    I love these sort of insider-stories. They’re like Heat magazine for geeks :)

  5. jaybushman says:

    I’m still campaigning for Dan to get his own talk show. He’s got the grace and good humor to be the geek Johnny Carson.

  6. Tenlow says:

    I tried to find the DanK soundboard, but it appears to have been taken down. I guess it was the thought that counts.

  7. asuffield says:

    Sigh. A meeting of executives. It would have gone so much faster if they skipped that part and got on with sending the details to the engineers via encrypted mail.

    Did somebody from Hollywood stage-manage this? It’s gratuitously over-dramatised.

Leave a Reply