Press Release
 
May 13, 2009
FOR IMMEDIATE RELEASE
Contact:
Jennifer Steffens
206.784.4313
marketing@ioactive.com

DAN KAMINSKY TESTIFIES TO CONGRESS ON CYBER SECURITY

IOActive's Director of Penetration Testing briefed White House officials on the current state of cyber security and his vision for moving forward.

Seattle, Wash—May 13, 2009. IOActive, a leading provider of comprehensive security services, today announced that Dan Kaminsky, its Director of Penetration Testing, was asked to testify to White House officials on the state of cyber security. With cyber crime on the rise, Congress looked to Kaminsky, an industry expert best known for spearheading the repair of a major DNS vulnerability who was also recently nominated into the Infosecurity Europe Hall of Fame, to provide an in-depth analysis of Internet security and his thoughts for improving it.

"I was thrilled at the opportunity to testify to Congress on the state of Internet security. While some of the statistics are discouraging, I think the industry has made a lot of progress in the last five years, and I believe we can better secure the Internet through appropriate tools and effective collaboration," said Kaminsky.

Kaminsky testified that, according to the Verizon Business Group, there was more compromised material in 2008 than in the previous four years combined, and 91% of it could be traced to organized crime groups. While this paints a bleak picture for the state of cyber security, Kaminsky pointed to the Conficker Worm and discussed why it represents an enormous success for the industry and Microsoft.

"In 2003, the Conficker Worm would have infected most Windows machines, but today it only infected a small percentage of the Windows population," said Kaminsky. "Microsoft and the security industry worked together to mitigate the threat and significantly minimize damage from a worm that would have been devastating in earlier years."

According to Kaminsky's testimony, the industry needs to apply this same level of cooperation and collaboration to cyber security's underlying problems. By understanding that there are no boundaries in cyber security and that problems are spread among individuals, companies, and nation states, Kaminsky hopes the industry will forge public-private partnerships.

In addition to effective collaboration, Kaminsky advocates Domain Name System Security Extensions (DNSSEC) as a transformative answer to the cross-organizational difficulties that are causing network compromise. DNSSEC secures different types of information provided by the Domain Name System (DNS) and allows for authentication of DNS data. The Verizon Business Group found that flaws in authentication contribute to 60% of data breaches, and Kaminsky testified that DNSSEC could help alleviate this problem.

About Dan Kaminsky

Dan Kaminsky is the Director of Penetration Testing at IOActive where he specializes in design-level fault analysis, particularly against massive-scale network applications. Previously of Cisco and Avaya, Kaminsky has operated professionally in the security space for over 10 years. He is well known for his Black Ops series of talks at the well-respected Black Hat Briefings. Kaminsky regularly collects detailed data on the health of the worldwide Internet, and used this data to detect the worldwide proliferation of a major rootkit. Recently, he discovered a major flaw in the Internet's DNS infrastructure and worked with security engineers around the world, protecting countless organizations and individuals against this threat.

About IOActive

IOActive is an industry leader that offers comprehensive security services including software assurance, smart grid security, infrastructure audits, training, incident response, PCI compliance, and risk management. IOActive has attracted many well-known security experts including Dan Kaminsky, Jason Larsen, Steve Wozniak, Mike Davis, and Ilja van Sprundel. More information is available at www.ioactive.com.

-###-


 



IOActive Profile:
Established: 1998
Headquarters: Seattle, WA and London, UK
Privately held and self-funded
 
IOActive Services:
Application Security, SCADA and Smart Grid, PCI and Compliance, Security Development Lifecycle, Infrastructure Audit, Incident Response and Training.
 
Customers:
Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.
 


