We lost Dan Kaminsky this weekend.
I write “lost” advisedly, because Dan’s death is a terrible loss for all of us who love the Internet and live much of our lives on it. More than almost anyone I can think of, Dan made the Internet a better and safer place.
Back in 2008, Dan discovered a vulnerability in the Domain Name System (DNS) that would have allowed attackers to poison the caches of recursive DNS servers in minutes. It’s hard to overstate the chaos and damage this could have caused: Internet users’ email could have been redirected through malicious mail servers and modified or recorded there; users could have been redirected to proxies masquerading as legitimate web sites, only to have their traffic examined.
Instead of posting the details of the vulnerability, Dan revealed it responsibly, only to key people in the DNS community. He worked with them to convene a clandestine meeting of the developers of the DNS servers that would need to be fixed to address the vulnerability. He gave us the time we needed to patch software, test it, and have it ready to go. And once the vulnerability became public, Dan worked to highlight the importance of patching DNS servers.
That’s when I met Dan. I contacted him about the possibility of holding a webinar on his eponymous vulnerability, the workarounds employed to forestall it, and the necessity of implementing the DNS Security Extensions as a permanent fix. The call didn’t begin well. He had no idea who I was and started by giving me a primer on DNS. But he was good-natured and generous with his time. We ended up doing two webinars together; the first, I think, attracted more than 3500 attendees, all of them present to hear Dan. I was honored to be on the undercard.
There is much more to say about Dan, but that is better left to people who knew him better than I. For my part, I just want to say that I’m enormously grateful to Dan for his work on DNS and for the generosity he showed me. I only wish I’d had the opportunity to work with him more and know him better. The world is a poorer place for his passing.
