|Main Archive Page > Month Archives > full-disclosure-uk archives|
An Information Security Drama Report Exclusive
It was BlackHat Vegas 2008 at the Prestigious Pwnie Awards and tensions were running high. The audience had been waiting in anticipation for the announcement of the winner of the "Most Overhyped Bug" category. Nominees included pagvac's "BT Home Hub authentication bypass", Symantec's "Adobe Flash Player non-0day remote code execution", and Dan Kaminsky's "Unspecified DNS cache poisoning vulnerability".
However, while the competition was fierce, there was one obvious crowd favorite as the presenters pointed out by saying, "sixty percent of the nominations in this category were for Dan Kaminsky's Bug". After a light hearted description of the nominated bugs and an impromptu drum roll the winner was announced... "Dan Kaminsky!". The crowd applauded.
Somewhat to the surprise of the audience, Dan approached the podium, accepted the award, and for his speech he was paraphrased as saying, "There are the kind people who fix bugs and there are the kind of people who find bugs. I'm glad to be both." Dan then proceeded to slam the microphone down on the podium before going briefly back to his seat after which, as one attendee put it, "[Dan] strode out of the room with his head held up high, Pawnie in hand, and a smirk on his face". Dan's wife followed closely behind with their bags.
Further eye witness reports say that Dan Kaminsky was seen immediately after the awards ceremony repeating the following phrase several times, "I'm done I'm just done" to his wife who appeared to be consoling him in the wake of his acceptance speech.
Here at ISDR we can only speculate that this means the inevitable loss of yet another valued Information Security professional to the honest ranks of coffee shop or bar owners. Our editors and staff would like to let Dan Kaminsky know that he will be missed and if this year is any portent, a nominee and winner for a Pawnie Lifetime Achievement Award in 2009. Good luck and and God speed everyone in their unspecified DNS cache poisoning attacks.