From hackers to DNA decoders to copyright crackers, each of these elite members of the technorati have caused enough of a stir in the online community to make their peers nervous. In no particular order, here are the who's who of this year's digital underground.
Name /// Dan Kaminsky
(Photograph by Dave Bullock/eecue)
Age /// 29
Location /// Seattle
Association /// Director of penetration testing for IOActive
Reputation /// Kaminsky recently discovered a pervasive security hole in the Web that could let criminals silently hijack the online traffic of entire Internet service providers and major corporations.
Inside the Controversy /// Kaminsky's discovery highlighted for cyber attackers and defenders alike the inherent insecurity of a key component of the global communications network, which was never designed with security in mind.
Kaminsky found a major flaw in the domain name system (DNS), the communications standard that translates domain names like example.com into numeric Internet addresses that are easier for computers to handle. On July 8, dozens of software and hardware makers issued coordinated fixes for the vulnerability. Instructions for exploiting the flaw have since been posted online. Meanwhile, only about half of the companies that manage the Internet infrastructure have applied the updates.
"It's a scary time right now," Kaminsky says. "This thing is trivial to exploit, and it's been sitting there unfixed since the beginning of the Internet. The choice was either to fix it or leave this knowledge in the hands of a few malicious actors."
As the first public reports of criminals exploiting the flaw began to surface in July, security experts once again called for widespread adoption of "DNSSec," an extension for DNS that adds authentication and data integrity to the system. Meanwhile, a Russian physicist recently showed how he was able to exploit networks even after they were protected by Kaminsky's DNS patch.
 |
||||
CLICK FOR MORE: The Internet's Top 10 Most Controversial Figures of 2008 |
||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
PM contributor Brian Krebs is The Washington Post's computer security reporter. Check out his daily blog, Security Fix, right here.
