Security Bites 107: Dan Kaminsky talks about responsible vulnerability disclosure
Dan Kaminsky of IOActive talks with CNET's Robert Vamosi this week about his work.
For the moment, Kaminsky is not talking details. He's hoping that people will apply the various patches, update their DNS servers and clients, and do so before the bad guys can craft their exploits. He's giving everyone 30 days before he spills the technical details at this year's Black Hat conference in Las Vegas in August.
Kaminsky, director of penetration testing at IOActive, is no stranger to discovering vulnerabilities. In this case, however, he says he wasn't looking for the DNS flaw but after three days of testing he knew he had something important.
In this week's Security Bites podcast interview, Kaminsky talks about what goes through his mind when he hits upon a suspected vulnerability and how he decides to proceed from there, and what he's learned thus far from the whole DNS patch experience.
A transcript of this podcast can be found here.
Listen now: Download today's podcast