Dan Kaminsky and Kevin Mitnick, two of the biggest names in computer security circles, had their web sites hacked and their personal data posted online just as the Black Hat security conference gets under way in Las Vegas.
Kaminsky (pictured) is due to give a talk today on his latest research. Last year, he set off a firestorm when he revealed that he had discovered a fundamental flaw in the security of the Internet. His research led to a huge industry effort to patch the Domain Name System, which is the address book of the Internet.
Mitnick, meanwhile, is the once-jailed computer hacker who is now a security consultant and author. People believe they were targeted by hackers because they have high profiles — and are considered to be self-hype artists. The hackers posted emails taken from Kaminsky’s server which include private emails between himself and other security researchers, personal chat logs, and a list of files that he reportedly downloaded.
Kaminsky has scheduled a press conference for 5 pm Pacific time today. His research this year includes information on digital certificates and hash collisions.
Hackers posted a note on Kaminsky’s site on Tuesday and he removed it last night, posting a note saying, “Well played, guys. Could have done without the personal info dump but otherwise lets grab a beer at [DefCon].” It looks like Kaminsky may have to change the title of his talk to, “How my own web site got pwned.”
[Update: Kaminsky joked about getting hacked in his talk. He typically gives out cookies from his grandmother to those who ask smart questions at his Black Hat talks. This time, he said, “If you hacked the shit out of me, you get two cookies.” Meanwhile, FireHost just announced that Kevin Mitnick has chosen the company as his new web site host for www.mitnicksecurity.com.]