This Day in Blogging History: Kaminsky on Bitcoin; doxxing Scalia; T9 collisions

One year ago today

Dan Kaminsky on BitCoin: Bitcoin's fundamental principle of fraud management is one of denial.

Five years ago today

Scalia Scoffs at Calls for More Data Privacy Protection, Students Surprise Him With Dossier of His Own Data.: The class turned in a 15-page dossier that included not only Scalia's home address, home phone number and home value, his food and movie preferences, his wife's personal e-mail address and photos of his grandchildren.

Dan Kaminsky on BitCoin

Ever since BitCoin appeared, I've been waiting for two security experts to venture detailed opinions on it: Dan Kaminsky and Ben Laurie. Dan has now weighed in, with a long, thoughtful piece on the merits and demerits of BitCoin as a currency and as a phenomenon.

How Dan Kaminsky broke and fixed DNS

Wired's Joshua A Davis has a great profile of my pal Dan Kaminsky's work on discovering and then helping to fix a net-crashing DNS bug earlier this year. Davis really captures the excitement of discovering a major security flaw and the complex web of personal, professional and technical complications that come to bear when you're trying to disclose the research in a way that minimizes harm to the net.

Kaminsky on the net-shaking DNS bug

Wired's Danger Room has a good interview with Dan Kaminsky, whose DNS hack has been burning up the wires. Dan figured out a means of disrupting the entire Internet by poisoning DNS. The exploit's existence and scope have been hotly debated ever since, and it all came to a head when details of the exploit leaked:

Well you know, there were people who said, Dan, I wish I could patch but I don't know the bug and I can't get the resources I need to patch it.

How the tech workers of WWII thwarted the Nazis with high-tech sabotage

Comptroller general of the French Army René Carmille "purposely delayed the process by mishandling the punch cards," changing the programming so that the religion field wouldn't be read from them; Adolfo Kaminsky used his dry-cleaning chemical expertise to remove the red "J" (for Jew) stamps from French passports, and could forge 30 identity documents per hour; the Kasharyiot (female couriers) could pass for Aryans and smuggled "secret documents, weapons, underground newspapers, money, medical supplies, news of German activities, forged identity cards, ammunition — and other Jews — in and out of the ghettos of Poland, Lithuania and parts of Russia"; Walter Süskind and his friends used their positions running the nursery where Dutch Jewish children awaited deportation to camps to smuggle 600 children to safety.

Apple v FBI isn't about security vs privacy; it's about America's security vs FBI surveillance

Dan Kaminsky, one of the Internet's essential squad of "volunteer fire fighters" who oversaw the largest-ever synchronized vulnerability patching in Internet history, has written a stirring editorial for Wired explaining what the FBI puts at risk when it demands weaker encryption: it's not our privacy, it's the security of finance, health care, roads, and every other piece of tech-enabled infrastructure in the land.

Coffee Common: roasters roast one other at TED

Last week I was excited to announce the birth of Coffee Common, a project of coffee enthusiasts (one of them being me) coming together to improve the experience of coffee for both industry and consumers. I mentioned that to kick off the launch, the project organizers and a handful of baristas from around the world will be spending this week in conjunction with the TED conference talking about (and serving) a few noteworthy selections from a select group of roasters.

DanKam: mobile app to correct color blindness


Legendary DNS hacker Dan Kaminsky has a new, out-of-left-field project to mitigate color blindness with augmented reality software for mobile phones. DanKam is a mobile app that you calibrate so it knows the specifics of your color blindness (I can't see a lot of greens), and then it automatically color-corrects the world as seen through the phone's lens to compensate for your deficit.

HOWTO Make a DNS dead-drop

Landon Fuller figured out a nice application for Dan Kaminsky's DNS hack — using DNS servers on the public Internet as "dead drops," with messages stashed on them that can only be retrieved by people with the secret:

In each DNS query, 7 bits are reserved for a number of flags, one of which is the Recursion Desired (RD) flag.
