Some geeks in a small town in the Cape of our country, South Africa, hacked together a mobile Java MSN client. They called it MXit and gave it away free. Given the disproportionately high difference in price per byte of SMS vs GPRS provided by our mobile operators, it caught on quickly.
However, the media, and indeed a seemingly large chunk of parents have become very concerned about the latest evil in our society. A rather tech savvy journalist friend of mine just included the phrase "A Society in Crisis" in his last blog entry on the subject, and our daily news tells of an emotionally scarred teenager who just had a 'helluva' ordeal. He'll probably never love again, poor kid.
This topic has been grating my tit for some time now, and I felt the need to counter-rant.
I learned something about DNS this weekend. For some reason I was labouring under the impression that your machine, not the DNS servers, did the recursive lookup for you. What I mean by this is that I thought a DNS lookup went something like this:
- Request for lookup of 'domain.com'.
- Request sent to configured DNS server (non-authoritative for 'domain.com').
- Response received including details of nameserver (NS) authoritative for 'domain.com'.
- Request sent to 'domain.com' NS for lookup of 'domain.com'.
- Authoritative response received.
That is sort of how it works; I just had the agent initiating the subsequent requests mixed up. This belief was fine back in the day when most DNS servers were running open, caching, recursive DNS servers. Nowadays that is bad, so just sticking my nearest DNS server into /etc/resolv.conf was only resolving addresses it was authoritative for.
After struggling for a few hours to solve this, I phoned Russell, because he knows this stuff. He pointed out that it is the DNS servers that do the recursion, not your machine. So, you have to point your machine at a recursive DNS server that will talk to your IP. Being a smart guy, he happened to know one I could use, off by heart. FREAK!
I put this here in the hopes that the next geek who googles for it won't waste as much time as I did. I thought as a moderately capable geek I would just know stuff like this; it's always interesting to see where the holes in your knowledge are.
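The distinction in the post above, as an added example that is not part of the original post: a stub resolver only sets the RD (recursion desired) bit in its query, and the reply header shows whether the server recursed, refused, or handed back a referral the stub will not follow. The function names and the sample replies are constructed for illustration and are not captured traffic.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, rd=True):
    """A-record query. RD=1 is the stub asking the server to do the recursion."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "answers": an, "authority": ns}

def classify(msg):
    """Say what kind of reply the configured server gave the stub resolver."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["answers"] and h["aa"]:
        return "authoritative answer"   # server owns the zone
    if h["answers"] and h["ra"]:
        return "recursive answer"       # server did the lookups for us
    if not h["ra"] and h["rcode"] == "REFUSED":
        return "recursion refused"      # closed or authoritative-only server
    if not h["ra"] and h["rcode"] == "NOERROR" and h["authority"]:
        return "referral only"          # NS records returned, stub stops here
    return "other"

def constructed_response(query, flags, answers=0, authority=0):
    """Constructed sample reply: rewrites only the header flags and counts
    (record sections are omitted because classify() reads just the header)."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, answers, authority, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("domain.com")
    for flags, an, ns in [(QR | RD | RA, 1, 0), (QR | RD | 5, 0, 0),
                          (QR | RD, 0, 2), (QR | AA | RD, 1, 0)]:
        print(hex(flags), classify(constructed_response(q, flags, an, ns)))
```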
Courtesy: Security Curve.
I find it hard to swallow that a vendor like Aladdin can write a filesystem driver that filters USB requests to encrypt data on the fly using documented interfaces, that a vendor like CA can write a driver that filters all incoming TCP connections using documented interfaces, and that a vendor like PointSec can write a driver to intercept filesystem calls using documented interfaces; but somehow McAfee can't get it together to grep the filesystem for malware without "going commando" all over Windows Vista in a way that requires them to rewrite the kernel. WTF?!
Nice idea Haroon, nice work Tim (Thor).
Ha! The use of ' or 1=1-- in my title messes with my HTML comments.
Mark had his head screwed on right in the first place when he called the debate a "red herring", and his response shows it. Ironically, it seems it was an attempt to counter FUD from agent-only distributors. It's just a pity common sense has marketing departments to contend with.
After work such as Do Enterprise Management Systems Dream Of Electric Sheep?, and the 'everything-as-an-agent' syndrome security products seem to be going through, I think there is stronger ground to advocate against an agent-only based solution, coupled with the obvious need to be able to push patches to machines which haven't gone through a gating process.
Thanks for the response Mark. CEO blogging++

