LAS VEGAS – After becoming a security superstar by revealing new authentication frailties and brokering DNSSEC adoption pacts, researcher Dan Kaminsky shelved those causes for a year and giddily returned to his network security roots during his annual Black Ops presentation today at Black Hat 2011.
Kaminsky, who shed not only a few pounds but also his trademark jeans-and-black-T-shirt look for a jacket and necktie, regaled a standing-room crowd with a spate of new research. Among the highlights were new weaknesses found in the peer-to-peer currency network BitCoin, a cheeky tribute to his late hacker friend Len Sassaman, UPnP issues on home routers, network anonymity and even comments on the controversial topic of net neutrality.
“It’s so great to be back doing this stuff,” Kaminsky beamed at one point during his 75-minute presentation.
Kaminsky has been presenting at Black Hat and other technical security conferences for more than a decade. But his notoriety catapulted in 2008 when he revealed critical flaws in the Domain Name System (DNS) that could allow attackers to redirect traffic at their discretion. Kaminsky orchestrated a massive DNS patch among nearly a dozen vendors as a temporary fix. Since then, he’s been hard at work promoting DNS Security Extensions, or DNSSEC, which essentially brings PKI to DNS.
Today at Black Hat, however, it was all about the network: poking and prodding longstanding protocols and services for fun and profit. BitCoin, a digital, virtual currency system, was the platform for some of Kaminsky’s new research. BitCoin is a payment system that charges a low cost per transaction. Each transaction is digitally signed and broadcast, supposedly anonymously, over a peer-to-peer network. Kaminsky announced a new tool called BlitCoin that unmasks one or both ends of a BitCoin transaction.
Kaminsky also took on home router security, specifically the Universal Plug and Play service (UPnP) that allows nodes on the inside of a router/firewall to ask the router to open ports from the Internet. Kaminsky demonstrated how he was able to manipulate the routers to listen for UPnP requests from the outside, allowing hackers to open ports at will and inject code or manipulate traffic. Work on this widespread flaw was also conducted by researcher Daniel Garcia, who will be at DefCon this weekend presenting on UPnP vulnerabilities.
Kaminsky’s next cause célèbre is likely net neutrality, and the practice by ISPs of limiting or throttling traffic from certain sources by policy. Kaminsky has been a strong opponent of this practice and of its economic implications.
He announced a new tool called N00ter, which he will release under a BSD license in the next couple of weeks. N00ter, he said, will gather data on biased networks, looking for net neutrality violations. Kaminsky said that in releasing the tool he is simply acting as a data collector, and he hopes lawmakers will take the initiative to move forward against violators.
“My dream is that N00ter would never find anything,” Kaminsky said. “At some point, we will have an extensive list of what’s going on.”
N00ter is essentially a filter that screens out routers that could alter the path and delivery time of traffic packets, leaving just the ISP-to-source paths. Kaminsky said any deviations in speed, say between Xbox 360 traffic and PlayStation 3 network traffic, would be readily apparent.
“My hope is we can give policy makers the data they need to determine economy-promoting behaviors at the network level,” Kaminsky said. “It’s impossible to do that without data.”