2 posts published by Dan Kaminsky during June 2015| Dan Kaminsky's Blog
Ladies and Gentlemen of the Quantum Physics Community: I want you to make a Pseudorandom Number Generator! And why not! I’m just a crypto nerd working on computers, I only get a few discrete bits and a handful of mathematical operations. You have such an enormous bag of tricks to work with! You’ve got […]| Dan Kaminsky's Blog
0day is cool. Killing 0day, sight unseen, at scale — that’s cooler. If you agree with me, you might be my kind of defender, and the upcoming O’Reilly Security Conference(s) might be your kind of cons. Don’t get me wrong. Offense is critical. Defense without Offense is after all just Compliance. But Defense could use […]| Dan Kaminsky's Blog
It’s not actually surprising that somebody would claim to be the creator of Bitcoin. Whoever “Satoshi Nakamoto” is, is worth several hundred million dollars. What is surprising is that credible people were backing Craig Wright’s increasingly bizarre claims. I could speculate why, or I could just ask. So I mailed Gavin Andresen, Chief Scientist of the Bitcoin Foundation, “What the […]| Dan Kaminsky's Blog
I’ve made some comments regarding Apple vs. the FBI at Wired.| Dan Kaminsky's Blog
So, my Defcon talk, ultimately about ending clickjacking by design. TL:DR: The web is actually fantastic, and one of the cool things about it is the ability for mutually distrusting entities to share the same browser, or even the same web page. What’s not so cool is that embedded content has no idea what’s actually […]| Dan Kaminsky's Blog
So some of the more fun bugs involve one team saying, “Heh, we don’t need to validate input, we just pass data through to the next layer.” And the the next team is like, “Heh, we don’t need to validate input, it’s already clean by the time it reaches us.” The fun comes when you […]| Dan Kaminsky's Blog
So I went ahead and did a podcast with Stewart Baker, former general counsel for the NSA and actually somebody I have a decent amount of respect for (Google set me up with him during the SOPA debat…| Dan Kaminsky's Blog
CVE-2015-7547 is not actually the first bug found in glibc’s DNS implementation. A few people have privately asked me how this particular flaw compares to last year’s issue, dubbed …| Dan Kaminsky's Blog
2 posts published by Dan Kaminsky during February 2016| Dan Kaminsky's Blog
SUMMARY: Yes, this is a scam. Not maybe. Not possibly. Wright is pretending he has Satoshi’s signature on Sartre’s writing. That would mean he has the private key, and is likely to b…| Dan Kaminsky's Blog
TL;DR: The glibc DNS bug (CVE-2015-7547) is unusually bad. Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend. This affects a universall…| Dan Kaminsky's Blog