Dan Kaminsky is a supergeek in Seattle. He's a computer security expert, using the typical superpowers of network packet analysis, free WiFi from Starbucks, and a job at Microsoft. But last January, Kaminsky's Spidey Sense tingled: he had discovered a flaw in the Internet's DNS (Domain Name System), the globally distributed system that translates human-readable names like www.mentalfloss.com into machine-accessible addresses like 220.127.116.11. Wired details what happened next:
Kaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet's infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone's email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?
The vulnerability gave him the power to transfer millions out of bank accounts worldwide. He lived in a barren one-bedroom apartment and owned almost nothing. He rented the bed he was lying on as well as the couch and table in the living room. The walls were bare. His refrigerator generally contained little more than a few forgotten slices of processed cheese and a couple of Rockstar energy drinks. Maybe it was time to upgrade his lifestyle. ...
In the months that followed, Kaminsky's dangerous discovery rallied DNS experts worldwide to the cause. Together they organized a "massive multivendor patch," an update to the software from effectively every major DNS software vendor. Read the awesome story and be awed. Sample sentence: "The first thing I want to say to you," Vixie told Kaminsky, trying to contain the flood of feeling, "is never, ever repeat what you just told me over a cell phone."