Apple's fix for major DNS security hole finally arrives

By Ed Oswald | Published August 1, 2008, 3:40 PM

Nearly three weeks after Microsoft patched its Windows operating system to protect against attacks exploiting a flaw in the Domain Name System (DNS), Apple has delivered its own fix.

The DNS flaw, discovered by security researcher Dan Kaminsky, allows attackers to divert traffic to Web sites of their choice through an issue with BIND, software that powers DNS servers.

While a random transaction ID is produced to initiate the communication, certain setups cause the number of possibilities to decrease, making the correct ID easier to guess. Kaminsky even said there was a way to guess correctly in only a couple of tries.

Microsoft's response was near immediate, as was Linux distributor Debian's. For unknown reasons, however, Apple did not fix the problem at the time of disclosure, and the exploit code's accidental leak late last month made action all the more necessary.

While Kaminsky was scheduled to detail the issue at the annual Black Hat conference on July 24, the exploit code appeared on the Internet a day earlier.

Microsoft saw the issue as so important that it took the unusual step of reminding customers of the patch on July 25. The company also acknowledged the existence of exploit code at that time.

For Apple customers, the DNS fix is available for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, and Mac OS X Server v10.5.4. Users can download the security update through Apple's Web site or use the Software Update feature within the operating system.

In addition to the DNS patch, Apple also fixed a Microsoft Office file issue where a problem with QuickLook could lead to code execution, according to an advisory.

Comments

How many people run a DNS server on their home computer?

Ok, that is who is affected by this bug.

How many public DNS servers run on OSX Server?

Ok, that is how many systems are affected by this bug.

So, 99.99999% of Mac, GNU/Linux and Vista/XP users are at zero risk of this affecting their home machines.

Who did have issues with this? People like your ISP or other entities which run DNS servers.

Gotta love the sensationalism of the story though. They even got a pot shot at Microsoft in the last paragraph. Anything to bring people to the site though.

Score: 0

Perhaps you might want to check your facts first next time before posting.

The vulnerability affects DNS clients too.

Score: 0

"The real vulnerability is not in Windows or Linux but in BIND, the most widely deployed DNS software everywhere. A security feature in BIND creates a transaction ID for communications between an IP host and a DNS server. Supposedly, that transaction ID is supposed to be randomized using a 15-bit binary number. But the way it's typically deployed, each limitation or option added to the system reduces the number of bits in that random number by one each time, and reduces the number of guesses a malicious script requires to guess the transaction ID by a power of two.

With that accomplished, a malicious user may be able to effectively "poison" the cache of DNS routers with table entries based on appropriately matching transaction IDs, but which point to improper IP addresses."

how does that affect a client? a client is simply using a DNS Server. If said server has been poisoned, the client has nothing to do with it.

Perhaps you might want to get a clue before posting.

Score: 0

Score: 0

This will be my last response to your trolling.

Your own link tells you it is a DNS Server issue you only will see if you run a DNS Server on your machine which 99.9999999% of people do not.

If the DNS server you are using is poisoned, there is nothing you can do no matter what OS you are using.

You fail again.

Score: 0

Well, I simply meant to highlight that the vulnerability does affect both DNS servers and DNS clients. Apple only patched the server portion.

Perhaps the explanation from this link is clearer: http://isc.sans.org/diary.html?storyid=4810

...shows it is -as a DNS client- still using incrementing ports.

and

So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness.

Score: 0
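
The comment above reports that a patched Mac, acting as a DNS client, still uses incrementing source ports, and the article describes the transaction ID becoming easier to guess. The following is an added example, not part of the original article or its comments: a Python check that rates how predictable a run of observed 16-bit values (source ports or transaction IDs) is. The function names, thresholds and sample values are assumptions constructed for illustration.

```python
import math
import random

def assess_16bit_sequence(values):
    """Rate how predictable a run of observed 16-bit values is.

    values: source ports or transaction IDs taken, in order, from a
    resolver's outbound queries (for example, from a packet capture).
    """
    if len(values) < 10:
        raise ValueError("need at least 10 samples for a meaningful rating")
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    # Share of consecutive queries whose value rose by a small step.
    small_steps = sum(1 for d in deltas if 1 <= d <= 8) / len(deltas)
    spread = max(values) - min(values) + 1
    # Upper bound only: a wide range can still hide a predictable generator.
    bits = math.log2(spread)
    if len(set(values)) == 1:
        verdict = "fixed"
    elif small_steps >= 0.9:        # assumed threshold
        verdict = "incrementing"
    elif bits < 10:                 # assumed threshold
        verdict = "narrow-range"
    else:
        verdict = "no-obvious-pattern"
    return {"verdict": verdict, "distinct": len(set(values)),
            "small_step_ratio": round(small_steps, 2),
            "range_bits": round(bits, 1)}

def effective_guess_bits(txid_report, port_report):
    """Bits an off-path spoofer must guess; predictable fields add none."""
    def usable(report):
        if report["verdict"] in ("fixed", "incrementing"):
            return 0.0
        return report["range_bits"]
    return usable(txid_report) + usable(port_report)

# Constructed sample data (not taken from any real capture).
_rng = random.Random(2008)  # fixed seed keeps the samples repeatable
SAMPLE_TXIDS = [_rng.randrange(65536) for _ in range(200)]
SAMPLE_PORTS_INCREMENTING = [49152 + i for i in range(200)]
SAMPLE_PORTS_RANDOM = [_rng.randrange(1024, 65536) for _ in range(200)]

if __name__ == "__main__":
    txids = assess_16bit_sequence(SAMPLE_TXIDS)
    for name, ports in (("incrementing", SAMPLE_PORTS_INCREMENTING),
                        ("randomized", SAMPLE_PORTS_RANDOM)):
        report = assess_16bit_sequence(ports)
        print(name, report, "total bits:", effective_guess_bits(txids, report))
```

With incrementing ports, only the transaction ID contributes to the guess space; with randomized ports the two fields add up to roughly twice as many bits.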

*Breaking News*

Apple admits OSX simply a skinned version of Microsoft Vista Home. MSFT added the main reason for Vista DRM is to lock down and limit features available to Apple users as a differentiator from the premium universal Vista product.

In a shared press release the two companies revealed secret collaboration had been going on for years after Apple realized their fashion designers had neither the talent nor skills to support a user base greater than 12.

To clear up confusion and streamline products it was announced that OSX will be marketed as Vista Lite'n'Pretty from 10.6 onwards.

Across the nation Apple users expressed their delight at this unexpected news. Groups were reportedly seen dancing around bonfires or gathering in large flocks and sipping Latte at Starbucks, the primary mating grounds for Mac users.

Score: 0

...or not.

"Apple's patch fails to fix DNS flaw" @ http://www.computerworld...c&articleId=9111363

Score: 0

Starting to get ridiculous. I guess the days of Apple as a reasonably secure platform are officially gone.

http://www.computerworld...c&articleId=9111398

Score: 0

Lol it never was secure. Just more under the radar.

Score: 0

But I thought "it just works" and only Windows/IE have "major" security holes. Oh dear, the lame TV ad propaganda has unraveled.

Score: 0

nah man it's just that apple fans have been brainwashed since the beginning ;)

Score: 0

If you are on a Mac you were secure from day one! Pure propaganda at its best. Macs are incapable of security vulnerabilities.

Score: 0

keep dreaming child, keep dreaming, why don't you just get out of your basement and drag your fat a** to the football try-outs at your school or college, oh yeah and thanks for calling me "f**got" but hey if you're calling me a f**got you must be one because you're assuming things that you don't even know

Score: 0

Is that also the reason why they are incapable of fixing even a simple security vulnerability such as this?

They didn't even have to do much research to fix the flaw because the way to fix it is very well-known.

Score: 0

Come on guys. U can't possibly take that guy serious!?!

Back on subject: "Researchers from security firm nCircle and the SANS Institute both report that fully patched versions of Tiger (10.4.11) and Leopard (10.5.4) remain vulnerable even after running a bevy of patches Apple released Thursday. Other vendors, including Microsoft, Sun Micro, released similar patches weeks ago."

Score: 0

"Come on guys. U can't possibly take that guy serious!?!"

Lol I stopped taking this guy serious a LOOOONG time ago.

Score: 0

i guess

Score: 0

Mac OS has been the most insecure operating system for years. Nobody was interested in hacking Mac OS because until Apple switched to Intel x86 processors hardly anyone used Macintosh computers.

Score: 0

What's that you say? Apple have a flaw anywhere? No!

Score: 1
