Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

E-mails also affected by DNS flaw

ISACA : 12 August, 2008  (Technical Article)
Black Hat briefing reveals extent to which DNS flaw can affect e-mails as well as web browsing
ISACA, formerly the Information Systems Audit and Control Association, says that security researcher Dan Kaminsky's assertion that the major DNS flaw that he identified recently also applies to email services comes as no surprise.

'Kaminsky said at this week's Black Hat briefings in Las Vegas that the flaw not only allows hackers to force people to visit Web sites they didn't want to, but it also permits them to intercept e-mail messages,' said Sarb Sembhi, President ISACA London Chapter.

'Although the email aspect of the flaw implies a man-in-the-middle attack, the flaw goes much deeper than that, since it involves the central computers that route Internet users to relevant IP addressed systems,' he added.

According to Sembhi, the good news is that the IT industry - including major vendors and ISPs - is moving quickly to seal the DNS routing flaws that Kaminsky has identified, but he fully expects other flaws to arrive in the future.

'The problem with the Internet is that, although its structure appears logical and relatively simple, the reality is that there is some quite complex routing involved. And as the Internet grows, so that complexity,' he explained.

Because of these issues, Sembhi says that companies need to ensure their Internet security systems are up-to-date and reviewed on a regular basis.

'The world of IP addressing and URL security is advancing at a rate never before seen in the IT industry. This means that a secure solution developed just 12 months ago is not going to be totally secure today. IT managers need to constantly review their security systems and software to be sure that they protect their IT resources as effectively as possible,' he said.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo