ISACA says major DNS flaw affecting email comes as no surprise

By ISACA

ISACA, formerly the Information Systems Audit and Control Association, says that security researcher Dan Kaminsky’s assertion that the major DNS flaw that he identified recently also applies to email services comes as no surprise.

“Kaminsky said at this week’s Black Hat briefings in Las Vegas that the flaw not only allows hackers to force people to visit Web sites they didn’t want to, but it also permits them to intercept e-mail messages,” said Sarb Sembhi, President ISACA London Chapter.

“Although the email aspect of the flaw implies a man-in-the-middle attack, the flaw goes much deeper than that, since it involves the central computers that route Internet users to relevant IP addressed systems,” he added.

According to Sembhi, the good news is that the IT industry - including major vendors and ISPs - is moving quickly to seal the DNS routing flaws that Kaminsky has identified, but he fully expects other flaws to arrive in the future.

“The problem with the Internet is that, although its structure appears logical and relatively simple, the reality is that there is some quite complex routing involved. And as the Internet grows, so does that complexity,” he explained.

Because of these issues, Sembhi says that companies need to ensure their Internet security systems are up-to-date and reviewed on a regular basis.

“The world of IP addressing and URL security is advancing at a rate never before seen in the IT industry. This means that a secure solution developed just 12 months ago is not going to be totally secure today. IT managers need to constantly review their security systems and software to be sure that they protect their IT resources as effectively as possible,” he said.