"We did kinda good here," said Kaminsky.
At a news conference after his presentation, Kaminsky said the response went far beyond what he had expected. Nonetheless, there's still work to do.
Cybercriminals, meanwhile, have started exploiting the DNS vulnerability. Late last month, according to security researcher HD Moore, an AT&T Internet Services DNS cache server was altered to replace the cached entry for www.google.com with a Web page that served advertisements using an iframe. Though the server has since been fixed and the attack wasn't particularly malicious, it's clear that concern about Kaminsky's DNS flaw is warranted.
At the news conference, Kaminsky said that there have probably been far more such incidents. But he said that those affected tend not to want to say anything.
"We need to stop assuming the network is as friendly as it is," said Kaminsky. "...Every network is a hostile network."
Kaminsky said if there was one thing he could ask for, it would be securing e-mail. "E-mail has the highest sensitive-information-to-total-lack-of-encryption ratio to anything else that we use," said Kaminsky. "If there's one change that I ask for, can we start looking into securing e-mail between companies? ... We are just addicted to sending sensitive information across the Internet insecurely."
The slides from Kaminsky's presentation, which explain the technical aspects of the DNS attack, are now available on his Web site, doxpara.com.