-
Channel Business -
Security -
AI -
Infrastructure -
- Lists & Awards
- Resources Resource HubsFeatured ResourcesLink to Video: SotaTek US CEO on AI Infrastructure Mistakes MSPs Must Fix
Video: SotaTek US CEO on AI Infrastructure Mistakes MSPs Must FixKatie Bavoso sits down with MK Tong, CEO of SotaTek USA, to break down why infrastructure—not AI models—is the real bottleneck for enterprise success
Link to Video: SecurityBridge CEO on SAP Security, AI Risks & 2026 Priorities
Video: SecurityBridge CEO on SAP Security, AI Risks & 2026 PrioritiesSecurityBridge CEO Jesper Zerlang discusses SAP security, AI risks like data poisoning, and why channel partnerships are key to 2026 growth.
Link to Video: Why Most AI Projects Fail According to Spyglass MTG CEO
Video: Why Most AI Projects Fail According to Spyglass MTG CEOSpyglass MTG CEO Dori Albert explains how organizations can build secure and data-driven AI platforms that deliver real business value.
Link to Video: Harbor IT on NENS Acquisition and Why the Generalist MSP Model Is Dying
Video: Harbor IT on NENS Acquisition and Why the Generalist MSP Model Is DyingLeaders from Harbor IT explain why the traditional generalist MSP model is fading and how specialization, cybersecurity expertise, and vertical industry focus are shaping the future of managed services.
Link to Video: Hype, Bubble, or Breakthrough? Talking All Things AI with The Neuron
Video: Hype, Bubble, or Breakthrough? Talking All Things AI with The NeuronIn this Channel Insider crossover, the hosts of The Neuron break down the AI race, the bubble debate, and what today’s tools really mean for businesses and everyday users.
Link to Video: SurePath AI CEO Secure GenAI Adoption with Zero Trust
Video: SurePath AI CEO Secure GenAI Adoption with Zero TrustSurePath AI CEO Casey Bleeker explains how organizations can accelerate generative AI adoption using zero trust principles and AWS guardrails without increasing security and compliance risk.
- About About
- Events Events
DoS Flaws Haunt BIND Server Software
The nonprofit Internet Systems Consortium has rolled out fixes for a pair of denial-of-service flaws in its BIND (Berkeley Internet Name Domain) implementation of the Domain Name System protocols. The vulnerabilities were reported in BIND versions 8.4.4, 8.4.5 and 9.3.0 and carry a “moderately critical” rating from independent research firm Secunia. BIND is by far […]
The nonprofit Internet Systems Consortium has rolled out fixes for a pair of denial-of-service flaws in its BIND (Berkeley Internet Name Domain) implementation of the Domain Name System protocols.
The vulnerabilities were reported in BIND versions 8.4.4, 8.4.5 and 9.3.0 and carry a “moderately critical” rating from independent research firm Secunia.
BIND is by far the most popular software for mapping domain names to IP addresses on the Internet. Vulnerabilities in BIND have triggered heated debates in security circles because of the heavy dependence on the software.
The first flaw, which only affects versions 8.4.4 and 8.4.5, is a buffer overflow error in the handling of the “q_usedns” array used by the server to track name servers and addresses that have been queried.
A successful exploit could allow an attacker to crash the service, according to an advisory from the U.S. Computer Emergency Readiness Team.
The ISC has recommended that users disable recursion and glue fetching as a temporary workaround. A comprehensive fix is available in the new ISC BIND version 8.4.6.
The second flaw, which affects BIND version 9.3.0, was found in the way BIND supports the DNS Security Extensions (DNSSEC), including the NextSECure (NSEC) RDATA Format. “An incorrect assumption in the validator function authvalidated() can result in an internal consistency test failing and named exiting,” US-CERT warned in a second advisory.
An attacker with the ability to craft specific DNS packets could exploit this vulnerability to trigger denial-of-service attacks.
Users are urged to disable dnssec validation at the Options/View level and upgrade to the new BIND version 9.3.1.
Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.
