Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet

How Should We Honor the Legacy of Dan Kaminsky? 27

Last week came the news that Dan Kaminsky, security researcher (and popular speaker at security conferences), had passed away at the age of 42. In a half hour the DEF CON security convention will hold a special online memorial for Dan Kaminsky on Discord.

But interestingly, Kaminsky was also one of ICANN's "Trusted Community Representatives," part of a small community involved in a ceremonial root key generation, backup and signing process. (Since 2010 Kaminsky was one of the seven "Recovery Key Share Holders" entrusted with a fragment of a cryptographic key and reporting in for its annual inventory.)

So who will take Dan's place? Slashdot contacted ICANN's vice president of IANA Services, Kim Davies. His response? We maintain an open invitation for volunteers who believe they are qualified, and review those volunteers when a vacancy arises. The selection process is documented, but in essence means we try to maintain a balance of skills and geographic location so that in the aggregate the TCRs are diverse.

The selection is not in chronological order, and will not necessarily result in selecting someone who most matches Dan's attributes. Ultimately the replacement will be a volunteer that the evaluation panel feels best contrasts and complements the attributes of the remaining TCRs.

Davies also shared this remembrance of Dan Kaminsky: He played a critical role in the evolution of the DNS by bringing attention to the practical cache poisoning vulnerability he discovered. He was a greater collaborator who worked closely with us to rapidly address the issue in critical infrastructure, and then worked to promote technologies like DNSSEC that can mitigate it effectively in the long term. He really provided a significant catalyst that resulted in DNSSEC being put into widespread production in 2010.

His service as a Trusted Community Representative was just a part of his commitment to these issues, and while his work on the DNS is perhaps his most famous contribution, he has an amazing resume of accomplishments throughout his career.

Personally I found him a delight to work with and we are deeply mourning the loss.

Of course, there's another way to follow in Dan's footsteps. Long-time Slashdot reader destinyland writes: Jeff Moss, founder of DEF CON and Black Hat, has proposed nominating Kaminsky for the Internet Hall of Fame, or even creating a Kaminsky award to honor "the core ideals" of the security researcher. But there's another complementary direction to go in... Black Hat board member Matt Devost tweeted last weekend that, "No one that knew Dan Kaminsky well is talking about DNS today. They are talking about kindness, boundless energy and positivity, spontaneous adventures, and how hard he worked to lift others up. Want to emulate one of the greatest hackers of all time? Let that be your guide."

And last week a self-described hacker named Dr. Russ even tweeted, "In an effort to honor Dan Kaminsky's character and legacy, we should all make a random act of Kaminsky weekly. Make it a point to be kind and helpful to someone, friend or stranger. Legit helpful and kind, take it over the finish line. Be the persistent guide he was. Then do it again."

I propose we call that "pulling a Kaminsky."

Presumably in the way later generations in William Gibson's Count Zero talked of "pulling a Wilson...."
This discussion has been archived. No new comments can be posted.

How Should We Honor the Legacy of Dan Kaminsky?

Comments Filter:
  • by redmid17 ( 1217076 ) on Sunday May 02, 2021 @10:44AM (#61338436)
    And make sure you don't click on stupid links. Looking at you boomers
    • Why? Why not just fix things?

      It is not as though the amount of crap in software has decreased by pushing out the next release.

      • by Nkwe ( 604125 )

        Why? Why not just fix things?

        Updating your computer *is* how we fix things. We are fixing things all the time, but when people don't apply the fixes, they choose to stay with the broken. Sure, different people have different ideas of "broken" and others prefer "broken" (or just how it is) to the change induced by the "fix", but in general the consumers of software are asking for new features, and with new features come new bugs. A given software application only becomes more stable over time if there aren't new features added and there

    • Boomers have been online for a long time, many of them since before Gen X. They were the ones who built the network, and designed all the protocols we use. They were using internet before anti-virus programs existed.

      In the olden days, people absolutely did not trust network-provided code. Javascript had a slow early adoption curve. In the 90s, it was pretty standard to leave javascript turned off.

      A lot of younger people are used to just trusting technology, and expect their phone or their computer to protec

  • And don't click on phishing email links. Looking at you boomers
    • by bill_mcgonigle ( 4333 ) * on Sunday May 02, 2021 @10:59AM (#61338484) Homepage Journal

      > Looking at you boomers

      The kind that double post the same thing minutes apart? This is prime performance art!

      IIRC Dan supported the ICANN community process. Who else here was a community member before ICANN decided to become autocratic and wipe out almost all of the community involvement?

      Given that ICANN can't be democratic at this point, to honor the intent of the community effort, we can honor Dan by supporting secure and decentralized web technologies that take the power away from corporate interests. He had NO problem giving Sony a huge black eye for their social malfeasance. So it should be for any who would abuse their power to make the Internet a worse place for the little guy.

      • by necro81 ( 917438 )

        Looking at you boomers

        The kind that double post the same thing minutes apart? This is prime performance art!

        No, that was posted by a bot from his account. He clicked on a phishing email link, see.

    • by jjbenz ( 581536 )
      We get plenty of people in their 20s and 30s doing that where I work.
  • by Registered Coward v2 ( 447531 ) on Sunday May 02, 2021 @11:15AM (#61338530)
    a real novel idea.
    • Sadly, it is in our world today.

      Otherwise, we wouldn't be sitting here talking about it as a differentiator.

  • by Ostracus ( 1354233 ) on Sunday May 02, 2021 @01:33PM (#61338866) Journal

    In the spirit of security research I declare today as pentesting slashdot day.

  • The concept of dns cache spoofing was around long before kaminsky publicised it...

    Here is a link to code that exploits the same attack he talked about:
    https://web.archive.org/web/20... [archive.org]

    It was written in 1999, although the earliest instance caught by web.archive.org was in 2001.

  • by Beryllium Sphere(tm) ( 193358 ) on Sunday May 02, 2021 @02:15PM (#61338962) Journal

    That's a Jewish mourning phrase. I'm not Jewish so there's a good chance I don't get the full meaning, but as I understand it it doesn't mean passive recollection, but instead means all the ways the person's actions continue to change the world after they are gone. It can mean accomplishments that have lasted, or lives they have changed for the better, or actions by the living inspired by their example.

    If his legacy is to inspire acts of kindness that will be sweet and fitting.

    Jews will not be unanimous about that interpretation but the sentiment resonates with me.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...