The Good Old Hacker Community
Security researchers are criticizing hacker Dan Kaminsky for keeping quiet about technical details of a critical DNS flaw. If he did publish the way that the hacker community traditionally does, and if many of the world's DNS software manufacturers were unable to compete with the simplicity of the hack, they would not work out what was wrong before the infrastructure caching invasion set in for possibly days or longer, with sites for the highest bidder (i.e. gambling, pornography, virus launching, dangerous, harmful, spam sites) but hidden in DNS subnets. If you consider how the DNS works, it would mean damages in the trillions of dollars.
Therefore, some toleration of the occasional fraud of publicity-seeking sensationalists is a small price to pay when faced with the potential loss of value from web-facing business (in fact, instant brand degradation and cut-off from the rest of the world), which makes business take a pragmatic stance on computer viruses: treat any old story as important.
Is this one important? Well if it is, then the only harm will come from DNS software that is not fixed, and may still exist in between routes. Of all the doors to leave unlocked, DNS? It is like a mutual blind spot. It is only the one that could really cripple things.
When you think of the freely available 2048-bit encryption software that is used, for good reason, for host control technical access to the internet, that DNS keys are cheaply calculated 16-bit values is enough to make me fret with fear. If Dan Kaminsky has fixed that in much of the DNS software world-wide, well, he has done humanity a massive favour.
In my view an "exploit method" is subject to the author's copyright and just because the "hacker community" have an open source exposure requiring proof of concept, creating a sort of hacker no-go territory (no hacker worth his salt would use a published exploit!), is not necessarily protecting the rest of us who are subject to the upgrade whims of mega-corporations, and changing terms and conditions littered with retroactive legal agreements and mostly unread clauses.
The Hacker Community correctly sees itself as a modern form of Robin Hood, but the use of a secure and safe internet is far better for humanity than a broken one.
The hacker community may amuse themselves in their wisdom but underestimate their value to the real world because of their magic code. Publication of all exploits. Then at least it would be lame if, for example, some terrorist used one that was "in the open" to compromise the security of a satellite system that used hardware that could not easily be upgraded, and launched a military attack in the area the hacker lived in. That would genuinely suck.
Anarchy has its rewards, and of course, its risks.
