Dan Kaminsky
Hacktivist


American computer security researcher (1979–2021)

Life: 1979 – 2021
Born: 1979
Died: April 23, 2021
Nationality: United States

Daniel Kaminsky was an American computer security researcher. He was a co-founder and chief scientist of Human Security, a computer security company. He previously worked for Cisco, Avaya, and IOActive, where he was the director of penetration testing. The New York Times labeled Kaminsky an "Internet security savior" and "a digital Paul Revere".

Early Life

Dan Kaminsky was born on February 7, 1979, in San Francisco, California, to Marshall Kaminsky and Trudy Maurer. His mother recounted to The New York Times that after his father purchased a RadioShack computer for him at age four, Kaminsky had taught himself to code by age five. When he was eleven, his mother received a call from a government security administrator informing her that Kaminsky had used penetration testing techniques to intrude into military computers and that the family's internet access would be cut off. She responded by threatening to place an advertisement in the San Francisco Chronicle publicizing the fact that an eleven-year-old had broken military computer security. A negotiated three-day internet "timeout" was the outcome. Years later, in 2008, the same administrator sought Kaminsky out to thank him for his DNS work and asked to be introduced to his mother.

Kaminsky attended St. Ignatius College Preparatory and went on to earn a degree from Santa Clara University.

Career

After graduating from college, Kaminsky worked at Cisco and Avaya before joining IOActive, where he served as director of penetration testing. He later co-founded White Ops, a computer security firm subsequently renamed Human Security, where he held the title of chief scientist.

Sony Rootkit Investigation

During the Sony BMG copy protection rootkit scandal, Kaminsky applied DNS cache snooping to determine whether servers had recently contacted domains associated with the Sony rootkit. Using this technique, he estimated that at least 568,000 networks contained computers infected with the rootkit, bringing wider public attention to the issue at a time when Sony executives were attempting to minimize it.

ISP DNS Hijacking

In April 2008, Kaminsky identified a security vulnerability arising from the growing practice among ISPs of intercepting failed DNS lookups and replacing them with advertising content. He demonstrated the risk by setting up Rickroll redirects on Facebook and PayPal subdomains, and extended the attack to affect Verizon by targeting its ad provider, Paxfire. He disclosed his findings publicly after working with the relevant ad networks to address the underlying cross-site scripting vulnerability.

DNS Cache Poisoning Flaw

In 2008, Kaminsky discovered a fundamental flaw in the DNS protocol that made cache poisoning attacks feasible against most nameservers. The vulnerability stemmed from DNS having only 65,536 possible transaction IDs — a space small enough to brute-force given sufficient attempts. Kaminsky's specific technique bypassed the TTL defense by targeting unique "sibling" hostnames, which had no cache entries and thus no TTL, while still allowing spoofed responses to inject data for target domains.

After discovering the flaw, Kaminsky contacted Paul Vixie and then alerted the Department of Homeland Security and executives at Cisco and Microsoft. He coordinated a secret multi-vendor patching effort, with the fix released on July 8, 2008. Although he intended to withhold technical details for thirty days post-patch, specifics were leaked on July 21, 2008, and quickly mirrored across the internet. Kaminsky subsequently presented his full findings at the Black Hat Briefings. The coordinated patch led all major DNS server implementations to adopt source port randomization, making the attack orders of magnitude more difficult.
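As an added illustration (not code from Kaminsky or any DNS vendor), the following sketch audits a resolver's outbound queries for the property the 2008 patch introduced. It classifies the observed source ports and transaction IDs as fixed, sequential or varied, and estimates how many combinations a spoofed answer would have to match. The function names, the sample values and the use of the observed port span as a range estimate are assumptions made for this example.

```python
import math
from collections import Counter

TXID_SPACE = 65_536  # transaction-ID space stated in the text above

def pattern(values):
    """Classify observed values as fixed, sequential or varied (use 3+ samples)."""
    if len(set(values)) == 1:
        return "fixed"
    deltas = {b - a for a, b in zip(values, values[1:])}
    return "sequential" if len(deltas) == 1 else "varied"

def entropy_bits(values):
    """Shannon entropy (bits) of the empirical distribution of the sample."""
    n = len(values)
    return sum(c / n * math.log2(n / c) for c in Counter(values).values())

def audit_resolver(samples):
    """samples: (source_port, txid) pairs seen in one resolver's outbound queries."""
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    port_pat, txid_pat = pattern(ports), pattern(txids)
    # A predictable field adds nothing to the space a forged reply must match;
    # a varied port is credited only with the span actually observed (assumption).
    port_space = max(ports) - min(ports) + 1 if port_pat == "varied" else 1
    txid_space = TXID_SPACE if txid_pat == "varied" else 1
    return {
        "port_pattern": port_pat,
        "txid_pattern": txid_pat,
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "guess_space": port_space * txid_space,
        "port_randomized": port_pat == "varied",
    }

# Constructed samples: a resolver querying from one fixed port, and one that
# draws a fresh source port per query.
PRE_PATCH = [(53, 0x1A2B), (53, 0x77C0), (53, 0x0411), (53, 0xE9D2), (53, 0x5C08)]
POST_PATCH = [(49211, 0x1A2B), (1187, 0x77C0), (60340, 0x0411),
              (23902, 0xE9D2), (38755, 0x5C08)]

if __name__ == "__main__":
    for name, sample in (("pre-patch", PRE_PATCH), ("post-patch", POST_PATCH)):
        print(name, audit_resolver(sample))
```

With the fixed-port sample the guess space is the transaction ID alone; with varied ports it grows by the observed port span, which is the "orders of magnitude" effect described above.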

Additional Research

On March 27, 2009, Kaminsky discovered that hosts infected with the Conficker worm produced a detectable remote signature, enabling signature updates for scanning tools including NMap and Nessus. That same year, in collaboration with Meredith L. Patterson and Len Sassaman, he identified multiple flaws in the SSL protocol, including the use of the weak MD2 hash function by Verisign in a root certificate and certificate parser errors in several web browsers. In June 2010, he released Interpolique, a beta framework aimed at helping developers address injection attacks such as SQL injection and cross-site scripting.

On June 16, 2010, ICANN named Kaminsky one of the Trusted Community Representatives for the DNSSEC root.

Personal Life

Kaminsky was known within the security community for his generosity and empathy. He was an outspoken privacy rights advocate and publicly criticized FBI Director James Comey's position during the FBI–Apple encryption dispute. He devoted portions of his career to projects addressing health and accessibility, including an app for colorblind users, hearing aid technology, and telemedicine tools related to AIDS care among refugees developed for the Academic Model Providing Access to Healthcare (AMPATH).

Death and Legacy

Kaminsky died on April 23, 2021, of diabetic ketoacidosis at his home in San Francisco. Following his death, the Electronic Frontier Foundation described him as a "friend of freedom and embodiment of the true hacker spirit." Jeff Moss advocated for his induction into the Internet Hall of Fame, and on December 14, 2021, Kaminsky was posthumously inducted. The New York Times had previously labeled him an "Internet security savior" and "a digital Paul Revere."
