Invited Talk Spotlight: Dan Kaminsky

Dan is the author of one of my favorite sysadmin-related hacks of all time. I can still remember the glee I felt when I heard he had found a way to tunnel SSH over DNS (yes, you heard right) and had provided the code to do it. Later that year at BlackHat, he showed not just SSH, but audio and video streaming through DNS.

I came to learn this was just one of a series of tremendously creative ideas in security that put him permanently on my “people to watch” list. Other examples included innovative work in port scanning and network visualization. He’s also known for work on the practical application of some of the new attacks on MD5. I understand this year he made some waves with the announcement of a security scan that showed 230,000 DNS servers are still potentially vulnerable to DNS cache poisoning.

I’m delighted that Dan has accepted an invitation to speak at LISA 2005. We might even get him to demonstrate some of the cool DNS hacking I mentioned plus some of the new stuff he has up his sleeve. On top of this, Dan has agreed to address the questions that system and network administrators must deal with when faced with these and other mind-blowing security hacks if (or more likely when) they appear on your network.

Here’s the official blurb for the talk:

There is the set of functionality we expect from our network. There’s the set of functionality your network is capable of. These two sets are not identical. This talk will explore security risks you may not even be aware your network is exposed to and will demonstrate new techniques for managing those risks. Mechanisms will be discussed for:

  • Establishing video-capable tunnels over DNS (and detecting such tunnels)
  • Evading intrusion detection systems by exploiting IP’s lack of statelessness
  • Reliably auditing internet-scale networks
  • Visualizing complex network activity

See Dan’s web site for a flavor of the sort of stuff you’ll be hearing at the LISA 2005 conference.
