Paying Tribute to Dan Kaminsky

Renowned cyber security researcher Dan Kaminsky, well known for his work on discovering crucial DNS security flaws, Sony rootkit infections and much more, has sadly died.


On Saturday April 24, Marc Rogers tweeted, saying: "I guess there's no hiding it now. We lost Dan Kaminsky yesterday. One of the brightest lights in infosec and probably the kindest soul I knew. The vacuum he leaves behind is impossible to measure. Please keep speculation to yourself and be respectful of his family and friends."


Dan Kaminsky was only 42 years old, and passed away from diabetes complications, namely diabetic ketoacidosis, which had caused frequent hospitalisations over the past few years.


In 2008, Kaminsky uncovered a fundamental flaw in the Domain Name System (DNS) protocol that could enable bad actors to carry out cache poisoning attacks on the majority of nameservers, with a few exceptions.


Also, during the Sony BMG copy protection rootkit brouhaha, where Sony BMG was found to be secretly installing anti-piracy software onto PCs, Kaminsky used DNS cache snooping to find out if servers had recently contacted any of the domains accessed by the Sony rootkit. Through this technique he estimated that there were at minimum 568 000 networks that had machines with the rootkit, and raised awareness of the issue while Sony was trying to keep it hush-hush.


Towards the end of March in 2009, he found out that Conficker-infected hosts have a detectable signature when scanned remotely. According to him, Conficker changed what Windows looked like on the network, and this change could be detected remotely, anonymously and very quickly. An admin could literally ask a server whether it's infected and get a straight answer.


In 2009, in conjunction with Meredith L. Patterson and Len Sassaman, he uncovered a slew of flaws in the SSL protocol, including the use of the weak MD2 hash function by Verisign in one of their root certificates, as well as errors in the certificate parsers in a variety of Web browsers that enable hackers to successfully request certificates for sites they do not control.


These are but a few of the contributions Kaminsky made to cyber security, which made me wonder where the industry would be without security researchers. Today, our personal and business lives are interconnected by technology in ways that were undreamed of only a few decades ago. Between the cloud, mobility, the host of devices we use, the Internet of things - we have enabled a culture of convenience, which certainly makes our lives easier, but it also makes it easier for bad actors to exploit our sensitive personal information.


Security researchers are the guys with the broad set of skills that are needed to investigate an ever-evolving threat landscape. Reported numbers vary, but DataProt estimates that 560 000 new pieces of malware are detected every day, begging the question of who is going to keep up to date with all the new malware that can be used to exploit application and system vulnerabilities? Who will collect and scrutinise it to reveal its tricks, and then give it to us in a format that we can use?


The answer is security researchers like Kaminsky. They take the malware apart to see what vulnerabilities it is exploiting and gain true intelligence out of the code, discovering how it communicates and how it is structured. This information is then used to track adversaries and threat groups by the tools and methods of their trade, looking for similarities and signatures to build behaviour profiles. The common maxim today is that cyber security is a catch-up game, but one thing is certain: without security researchers, the game would be lost altogether.