Sometimes it’s the small things in life that matter. A few months ago my favorite hacker Dan Kaminsky discovered a fundamental flaw in the design of the Internet. It can be exploited by almost any hacker out there, and he made the effort to manage the politics of cooperation behind the scenes with major corporations and institutions, hoping to come up with a fix before word got out. Oh, and it was not that easy, because any patch would by definition highlight the flaw. As Dan acknowledges, this flaw was known previously to be a weakness… but warnings were not given adequate respect. Probably the biggest news about the flaw was the concept of the top technical IT people in the world having to quickly work together, in apolitical stealth mode, to come up with a fix. This was probably the largest-scale problem the Internet has seen to date.
Even more geekily interesting is the way the “birthday paradox” rears its ugly head with the fix, meaning even if everyone executes the fix, we still have a problem that needs to be designed out of the system in the future. The Birthday Paradox is that weird statistical fact that, in any room of 23 people, it is likely that two people will have the same birthday. It always seems like a remarkable coincidence to our human minds that 2 people have the exact same birthday, but it just takes 23 people to make the odds better than even. In this case, the fix for the DNS flaw Kaminsky highlighted relies on the random selection of a number. Since there is a finite pool of numbers to pick from, if a hacker also guesses and does it enough times at the same time, she ends up running 50/50 odds of landing on the correct number. Not too shabby, if the prize is control of the Internet.
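The odds described above can be worked out directly. The following Python is an added example, not part of the original post; the pool sizes it prints (2**16 and 2**32) are assumed for illustration, since the post does not say how large the pool of numbers is.

```python
import math

def birthday_collision(people: int, days: int = 365) -> float:
    """P(at least two of `people` share a birthday among `days` days)."""
    p_distinct = 1.0
    for i in range(people):
        p_distinct *= (days - i) / days
    return 1.0 - p_distinct

def guess_hit(pool: int, guesses: int, outstanding: int = 1) -> float:
    """P(at least one of `guesses` distinct guesses equals one of
    `outstanding` distinct random numbers drawn from `pool` values)."""
    if guesses + outstanding > pool:
        return 1.0  # pigeonhole: the two sets must overlap
    # P(miss) = C(pool - outstanding, guesses) / C(pool, guesses),
    # summed in log space so large pools stay numerically stable.
    log_miss = sum(math.log1p(-outstanding / (pool - i)) for i in range(guesses))
    return -math.expm1(log_miss)

def even_odds_size(pool: int) -> int:
    """Smallest n where n guesses against n outstanding numbers hit >= 50%."""
    hi = 1
    while guess_hit(pool, hi, hi) < 0.5:  # double until an upper bound is found
        hi *= 2
    lo = hi // 2  # known to be below the 50% mark (or zero)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if guess_hit(pool, mid, mid) >= 0.5:
            hi = mid
        else:
            lo = mid
    return hi

if __name__ == "__main__":
    print(f"23 people, 365 days: {birthday_collision(23):.3f}")
    for bits in (16, 32):  # assumed pool sizes, not taken from the post
        pool = 2 ** bits
        print(f"pool 2^{bits}: one number in flight needs {pool // 2} guesses "
              f"for 50%; n against n needs only n = {even_odds_size(pool)}")
```

The count needed for even odds grows with the square root of the pool when many numbers are in flight at once, which is why a larger pool raises the cost of guessing without removing the problem.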
Cool, geeky, and relevant stuff. But that’s not the “little thing” that made me spit my coffee across the Starbucks table this morning. It was the second comment posted to the IT news website where Dan Kaminsky’s work addressing this major Internet flaw was reported. The report linked to the YouTube video of Kaminsky explaining the ever-so-techy topic in front of a small, typically geeky tech audience, which is visible to the camera. The commenter had this to add to the conversation:
Geek Alert: Dan Kaminsky on the DNS Bug of 2008…Would you bang the chick on the front row?
You gotta love this world we live, work, and play in. Video below… you can check out the chick for yourself.