RETIRED CONTENTPlease note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
In early 2008, security researcher Dan Kaminsky, Director of penetration testing at IOActive stumbled across a potentially devastating flaw in the Domain Name System (DNS) code that the Internet relies on. The vulnerability – a flaw that could allow DNS cache poisoning, man-in-the-middle attacks, and e-mail hijacking – makes it easier, than previously known DNS vulnerabilities, for hackers to change the source IP addresses that domain names are routed to. Realizing the magnitude of the flaw, Kaminsky enlisted the maintainers of Berkeley Internet Name Domain (BIND), Internet Systems Consortium (ISC) to help him convince vendors that they had to work together to both keep the vulnerability quiet and patch their software immediately.