DANIEL KAMINSKY - [1979-2021] Daniel Kaminsky, a security researcher known for his discovery of a fundamental flaw in the fabric of the INTERNET, died last Friday.

In 2008, Mr. Kaminsky was widely hailed as a digital Paul Revere after he found a serious flaw in the Internet's basic plumbing that could allow skilled coders to take over websites, siphon off bank credentials or even shut down the Internet.

Mr. Kaminsky alerted the U.S. Department of Homeland Security, executives at Microsoft and Cisco, and other Internet security experts to the problem and helped spearhead a patch.

He was a respected practitioner of ''penetration testing'' the business of compromising the security of computer systems at the behest of the owners who want to harden their systems from attack. 

What Mr. Kaminsky discovered in 2008 was a problem with the Internet's basic address system, known as the Domain Name System, or DNS, a dynamic phone book that converts human-friendly web addresses into their machine-friendly numeric counterparts.

He found a way that thieves or spies could covertly manipulate DNS traffic so that a person typing the website for a bank would instead be redirected to an imposter site that could steal the user's account number and password.

Mr. Kaminky's first call was to Paul Vixie, a longtime steward of the Internet's DNS system. The usually unflappable Mr. Vixie recalled that his panic grew as he listened to Mr. Kaminsky's explanation. ''I realized we were looking down the gun barrel of history,'' Mr. Vixie recalled. ''It meant everything in the digital universe was going to have to get patched.''

''I remember calling people and telling them, ''I'm not at liberty to tell you what it is, but there's this thing and you will need to get on a plane and meet us'' at a secret convention of the world's senior cybersecurity experts, Mr. Vixie said. 

Over several days they cobbled together a solution in stealth for presentation to Black Hat, an annual hacking convention in Las Vegas.

While the DNS fix was Mr. Kaminsky's most celebrated contribution to Internet security, it has hardly his only one.

In 2005, after researchers discovered Sony BMG was covertly installing software on PCs to combat music piracy, Sony executives played down the move. Mr. Kaminsky forced the issue into public awareness after discovering that Sony's software had infected more than 568,000 computers.

''He did  things because that they were the right things to do, not because they would elicit financial gain,'' his mother, Mrs Maurer said.

[When a reporter asked Mr. Kaminsky why he did not exploit the DNS flaw to become immensely wealthy, he said that doing so would have been morally wrong, and that he did not want his mother to have to  visit him in prison.]

Silicone Valley's giants sought Mr. Kaminsky's expertise and often tried to recruit him with lucrative offers  to serve as a chief information security officer. He politely declined,  preferring the quiet yeoman's work of Internet security.

''The Internet was never designed to be secure,'' Mr. Kaminsky recalled in a 2016 interview. ''The Internet was designed to move pictures of cats. We are very good at moving picture of cats.''

But, he added : ''We didn't think you'd be moving trillions of dollars onto this. What are we going to do? And here's the answer : Some of us got to go out and fix it.''

The World Students Society thanks author Nicole PerlRoth.


Post a Comment

Grace A Comment!