Kaminsky Releasing Security Tools In 'Black Ops' Talk

Researcher Dan Kaminsky pokes holes in network security at Black Hat USA.

August 3, 2011

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Black Hat

Black Hat


Researcher Dan Kaminsky will be "kickin' it old school" at Black Hat, a UBM TechWeb event, Wednesday in his annual Black Ops Of TCP/IP presentation. He will unveil a series of hacks and tools that include a range of topics that include Bitcoin, home routers, firewalls, DDoS attacks, passwords, and even exposing Net neutrality issues.

Kaminsky's research represents a laundry list of things he has recently discovered. Although some of the items are completely unrelated, he says for the most part they represent some of the underlying themes in security today. "We have three core problems: broken authentication, bad code, and we can't bust the bad guys," he said. "No one doing cybercrime is particularly afraid they are going to go to jail. Us security researchers are worried because we say, 'I'm Dan, and look what I've got.' But if you're a company making money from fake AV scams, no one is going to bust you."

Bitcoin, the peer-to-peer virtual currency service, was recently scrutinized by Irish researchers who demonstrated how it's possible to unmask user transaction information. Kaminsky's research overlaps somewhat with that paper. Among other things, he will release Wednesday a tool for de-anonymizing a Bitcoin transaction.

"Peer-to-peer networks were never supposed to be anonymous about their peers. Bitcoin was the first attempt to provide anonymity for P2P," he said.

Kaminsky also will discuss a common flaw in home routers that he found and had also previously been discovered by Daniel Garcia, a researcher who will be revealing his findings at Defcon later this week. The hole comes via the universal plug and play (UPnP) protocol found in popular home routers, which could allow an attacker to remotely open a port on the router. "You could be on the outside [of the network] and open things up," Kaminsky said.

Garcia will reveal during his Defcon talk findings on the number of these devices that are vulnerable to such an attack, which at the least numbers in the hundreds of thousands so far, according to Kaminsky.

Read the rest of this article on Dark Reading.

Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events