Security Researchers Discover … 5 Stages of Disclosure Grief

Written by alane | Filed under Geek, Off Topic | 3 comments



 

Denial: “Dan may be smart, but Tom Ptacek states the obvious that this isn’t a new threat. Maybe a new spin on an old flaw.”

Anger: “Dan didn’t find shit. He read RFC3383 …” and “Dan has brought NOTHING new to the table. Simply made a name for himself by regurgitating the same old problems.”

Bargaining: “… the sky was already falling before Dan opened his mouth, …”, and “This is just another reason why we need DNSSEC”, and “What Should Dan Have Done?”

Depression: “What can we say right now? Dan has the goods.”

Acceptance: “Dan Kaminsky Disqualified from Most Overhyped Bug Pwnie” and “This is absolutely one of the most exceptional research projects I’ve seen. Dan’s reputation will emerge more than intact …”

DNS Vulnerability: Very interesting. Blog Discourse on DNS Vulnerability: Absolutely mesmerizing.  Dan Kaminsky finds a DNS flaw, and half the security research community grieves.

-Adrian

Posted on July 30

3 comments

  1. Wesley McGrew Jul 22

    And for those who’ve followed Dan Kaminsky’s previous Black Ops talks, and paid very close attention to the episode of Network Security with him talking about the problem…

    …well those people could skip several of the above steps ;)

  2. wishi Jul 31

    Well… thing is:
    Dan is everywhere :). He’s at toorcon, c3, Defcon/Blackhat, … TCP/IP black ops. Who didn’t hear about that?! Dan even is in German boulevard press. “Man of the day.”
    He’s in every Security Blog (>700 entries in my feedreader), he’s in every podcast, in every magazine. He’s like a Security-Madonna. (Madonna is brilliant, too…)

    I like that: people bringing attention to security research. And we need that in this “science” as I’d like to define it. But that’s another question. I think Dan creates awareness. I completely failed trying to do so - several times.

    … But he… I’ve something which is not so “boring”. You know: you get the impression millions of people care about DNS at the moment. That’s not true.
    I just like to compare this with Schroedingers Cat: will DNS die like the cat - likely - unlikely? (http://wishinet.blogspot.com/2008/07/dns-schrdinger-cat-miaus.html). We need more humor.

  3. corq Aug 4

    As a new arrival to the security scene (though old to IT) I was fascinated and perplexed by how much Dan has attempted and succeeded exploiting DNS this way and that. I was a neophyte, and his persistence at DNS manipulations stumped me, all I could ask was ‘why???’ Clearly a lot of people asked this same question of Dan.

    Yet it was clear he was trying to advocate re-examination of older systems before another few years of progress and dependency are built around them, and this is a good example of why all aging technology frameworks need a good stare, and a poke with a stick now and then.

    Thanks for the “reaction timeline” — I think Kaminsky earned his dues, yet the messenger rarely gets a warm welcome…

Leave a reply

Related Posts

1 In 4 DNS Servers Still Vulnerable? More Like 4 in 4
The Five Stages Of Cloud Computing Grief
Network vs. Application Security