Dan Kaminsky is understandably swamped today, given the unexpected early release of information about the critical DNS flaw he discovered that potentially affects the security of every web site on the internet. But he found some time to speak with Threat Level about how he discovered the vulnerability that has system administrators scrambling to patch before an exploit -- which is expected to go public by the end of today -- is widely available. Kaminsky discovered the bug by chance about six months ago, which he promptly disclosed to people in the DNS community. At the end of March, an emergency summit was convened at Microsoft's headquarters, gathering sixteen people from around the world to discuss how to address the problem. On July 8, Kaminsky held a press conference announcing a multi-vendor patch and urging DNS server owners to upgrade their software with the patch immediately. But he declined to disclose details of the bug until next month, when he plans to deliver a talk about the flaw at the Black Hat hacker conference. Until then, Kaminsky asked researchers not to speculate about the bug, to avoid giving hackers information that could help them exploit it. Thirteen days after that press conference, however, the security firm Matasano inadvertently released details about the bug on a blog post that the company quickly removed, but has been reposted elsewhere . I spoke with Kaminsky about that disclosure, among other iss ...
Anytime
Dan Kaminsky is understandably swamped today, given the unexpected early release of information about the critical DNS flaw he discovered that potentially affects the security of every web site on the internet. But he found some time to speak with Threat Level about how he discovered the vulnerability that has system administrators scrambling to patch before an exploit -- which is expected to go public by the end of today -- is widely available. Kaminsky discovered the bug by chance about six months ago, which he promptly disclosed to people in the DNS community. At the end of March, an emergency summit was convened at Microsoft's headquarters, gathering sixteen people from around the world to discuss how to address the problem. On July 8, Kaminsky held a press conference announcing a multi-vendor patch and urging DNS server owners to upgrade their software with the patch immediately. But he declined to disclose details of the bug until next month, when he plans to deliver a talk about the flaw at the Black Hat hacker conference. Until then, Kaminsky asked researchers not to speculate about the bug, to avoid giving hackers information that could help them exploit it. Thirteen days after that press conference, however, the security firm Matasano inadvertently released details about the bug on a blog post that the company quickly removed, but has been reposted elsewhere . I spoke with Kaminsky about that disclosure, among other iss ...