Flaws in DNS are allowing hackers to intercept emails.
Security researcher Dan Kaminsky has claimed that he has identified a major flaw in DNS that also applies to email services. He said that the flaw not only allows hackers to force people to visit websites but permits them to intercept email messages.
Sarb Sembhi, president of the ISACA London Chapter, said that Kaminsky's assertion comes as no surprise to him. He said: “Although the email aspect of the flaw implies a man-in-the-middle attack, the flaw goes much deeper than that, since it involves the central computers that route Internet users to relevant IP addressed systems.”
However he claimed that the IT industry is moving quickly to seal the gap, but companies need to ensure that their internet security systems are up to date and constantly reviewed.
Sembhi said: “The problem with the Internet is that, although its structure appears logical and relatively simple, the reality is that there is some quite complex routing involved. And as the Internet grows, so that complexity.
“The world of IP addressing and URL security is advancing at a rate never before seen in the IT industry. This means that a secure solution developed just 12 months ago is not going to be totally secure today. IT managers need to constantly review their security systems and software to be sure that they protect their IT resources as effectively as possible.”