Computer security world in mourning over death of Dan Kaminsky, aged 42
DEF CON hails 'an icon in all the positive ways'
Celebrated information security researcher Dan Kaminsky, known not just for his technical ability but also for his compassion and support for those in his industry, has died. He was 42.
Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet's infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades.
Dan Kaminsky ... Credit: Dave Bullock / eecue
Not that Dan was the celebrity type. When he disclosed the DNS poisoning flaw at that year's Black Hat conference, he looked distinctly uncomfortable in a suit – the first time many had seen him wear one – though when it came to explaining the vulnerability and its solution, he was unparalleled.
Dan on the DNS multiparty vulnerability coordination & embargoed disclosure he championed in 2008, that was the catalyst for the formal creation of Microsoft Vulnerability Research. — Katie Moussouris (she/her) is 1/2 vaccinated (@k8em0) April 24, 2021
We owe him so much, we all do. People who will never know his name owe Dan https://t.co/rMICQdRyTc
When your Register hack asked Kaminsky why he hadn't gone to the dark side and used the flaw to become immensely wealthy – either by exploiting it to hijack millions of netizens' web traffic, or by selling details of it to the highest bidders – he said not only would that have been morally wrong, he didn't want his mom to have to visit him in prison. You can read more technical info on the DNS flaw here.
Besides discovering the domain-name system weakness, he had been a stalwart of the security research scene for years, and was a much-loved regular at conferences big and small. You can find a YouTube playlist of his DEF CON presentations, for instance, here. He would talk with and advise anyone – even paying the entrance fees for some researchers or letting them crash on his hotel room floor – and it was this generosity that people are overwhelmingly remembering this weekend.
Dan Kaminsky’s @dakami passion, creativity, desire to learn and teach really helped influence both #defcon and @BlackHatEvents in the early years. He became an icon in all the positive ways and we looked up to him. RIP Hacker. — DEF CON (@defcon) April 24, 2021
Dan Kaminsky was one of our best and kindest. Dan showed me, a then budding infosec journo with next to no knowledge and out of my depth 15 odd years ago, only kindness and patience. He never changed in the intervening years. Biggest smile in infosec. 💙 to friends and family. — darren (@darrenpauli) April 24, 2021
Absolutely heart-breaking to open up Twitter and be hit by the tragic news about @dakami. He was incredible. Truly. He inspired me from the very first time I met him. The infosec world will forever shine a little less bright. 💔 — Eleanor Dallaway (@InfosecEditor) April 24, 2021
It's hard to meet a person in the computer security field for whom everyone has a good word, and Kaminsky was one of the few. He also came up with some top-notch research besides the DNS poisoning issue.
Dan was a force of nature. A hacker who saw not just 1 or 2 moves ahead but so many you sometimes wondered if he was playing the same game: I asked him for a demo. He brought a record turntable he used to move a VM forwards & backwards in time like a DJ scratching. — Marc Rogers (@marcwrogers) April 24, 2021
For example, in 2005, Sony BMG decided to counter CD music piracy by installing rootkits on people's PCs without telling them. Company president Thomas Hesse argued that "most people, I think, don't even know what a rootkit is, so why should they care about it?" After the issue was identified by Mark Russinovich, now CTO of Microsoft Azure, Kaminsky helped in identifying just how many folks likely had the anti-piracy mechanism on their systems – in short, more than a third-of-a-million networks had computers touched by Sony BMG's code.
He also did sterling work with others to spot flaws in SSL, and in automating the detection of Conficker malware infections. Outside of these high-profile discoveries, Kaminsky was beloved by so many because he had a sense of fun and clearly enjoyed collaborating with folks.
His conference talks at Black Hat, DEF CON, and smaller cons were often overbooked and standing-room only at the back. He had an unerring knack for finding elegant or interesting ways of probing code, explaining the ramifications to an audience, and then answering as many questions as he could.
As a journalist, this was a blessing for your vulture – Kaminsky had no animosity to the press if they were trying to get the full story out, and would explain stuff quickly and simply to make sure coverage was accurate. This hack remembers cancelling dinner plans when he called late one afternoon with an interesting tale: you knew it was going to be a late night of reporting work though it would be worth it.
There is now a move to see Kaminsky inducted into the Internet Hall of Fame. It is an accolade he thoroughly deserves.
In a statement thanking everyone for their kind words, Kaminsky's family said he died as a result of diabetic ketoacidosis, and asked for privacy at this time. ®