Mr. Know-It-All: Call-Center Etiquette, Offensive Podcasts, Awkward Transactions

Dear Mr. Know-It-All, is it cool to ask call-center operators what country they're in? I'm not a bigot or opposed to outsourcing, but I like to know who I'm dealing with.

Fire away with the geolocation query, but be wary of how you broach the topic. Call-center operators deal with countless xenophobic jerks, who typically follow the "Where are you located?" question with a stream of invective. An operator may thus turn defensive in anticipation of the same treatment from you—unless you're careful with your tone and timing. "If the very first thing out of your mouth is, 'Hey, what country are you in,' I think that's rude," says Kathleen Peterson, founder of PowerHouse Consulting, which advises call-center operations. Resolve your business first, then feel free to ask about location when there's a natural lull in the conversation. At that point, make sure your voice exudes affability, as if you were simply inquiring about the weather in Omaha.

And, should you learn you're on the horn with someone on the planet's flip side, go easy on the inane chitchat. "A call-center agent has a job to do and probably doesn't want to answer questions about the population of Bangalore," says Bill Colton, president of Global Telesourcing, a call-center service provider.

The operator may decline to answer your question or try to convince you that he's in Kansas even though his accent screams Ukraine. Such deception indicates that a company either wants to hide the fact that it's outsourcing or doesn't think too highly of its customers—make a mental note of it.

I've been helping my nongeek friend build a Flash-intensive Web site. It's gotten to the point where I'm spending a dozen hours a week on it. How should I ask for compensation?

Your pal surely didn't intend to exploit you. Odds are he doesn't know how much work goes into coding—an impression you encouraged by not demanding dough up front.

Assuming you want this relationship to survive, bring up the problem without making your friend feel like a total heel. Peter D. Johnston, the author of Negotiating with Giants, recommends telling him that a sudden influx of paying gigs precludes you from doing more work, but you'd be happy to point him to a replacement. "That approach can get the issue of time and payment out on the table in a nonthreatening way," Johnston says. Presuming he's hesitant to switch horses midstream, your pal should offer to make his project worth your while.

Refrain from pressing for back pay, however, or you're likely to look like a greedy ass. Those hours you've already spent slaving away in the digital mines? Consider them a lesson in the veracity of an age-old maxim: "Never mix business with pleasure."

Illustration: Christoph Niemann

Everyone in my office has sharing enabled on iTunes. One of my coworker's libraries contains several podcasts of sermons I find highly offensive—they contain lots of antigay blather. Should I confront her?

It depends on how you gleaned those sermons' content. If you couldn't help noticing incendiary titles along the lines of "Fags Go to Hell," then a little indirect confrontation is in order—tell a manager, pronto.

But if the titles were innocuous, and you thus had to listen to the podcasts in order to be offended, pause a moment before taking action. You may have a valid case, but you'll have to decide whether this fight can ever yield anything more than a Pyrrhic victory.

It would be one thing if your colleague was blasting these sermons through her speakers for all to hear—or, for that matter, telling everyone around the watercooler about the Lord's contempt for sodomites. But a shared iTunes environment such as yours is strictly opt-in—you can easily avoid listening to the offensive content.

The best meatspace parallel is a coworker who keeps a small stack of religious pamphlets in plain view, which you can just ignore. True, there have been cases in which employers have been successfully sued for writing Bible verses on paychecks or broadcasting prayers over public address systems. But those situations were a lot more in-your-face than what's going on here—in part because they involved bosses rather than colleagues, but also because the employees couldn't escape the proselytizing.

An aggressive lawyer could still argue that the mere presence of those tracks on the network creates a hostile workplace. But that strikes Mr. Know-It-All as making a sermon on the mount out of a sermon on a molehill, especially considering that the suit could very well be a loser—you might be hard-pressed to prove that the screeds, tucked away in an iTunes library, are severe or pervasive enough to constitute harassment.

As odious as you might find your coworker's views, it's probably best to give her a pass. Look on the bright side—now you know who to avoid at the office holiday party.

Need help navigating life in the 21st century? Email us at mrknowitall@wiredmag.com.



Thu Dec 04, 2008
Henry Blodget: Financial-Industry Scapegoat Reinvents Himself as Financial Reporter

Henry Blodget has never gotten used to the chorus of hate that follows his every move. He's merely learned to live with it. When he started his personal blog in 2005, the comments dripped with disgust. "You are a boldface liar," a reader wrote. "Give me one reason why I should believe what you are writing," said another. And that was just in response to Blodget's innocuous first entry.

During his years as a star Wall Street analyst, his pronouncements were welcomed and celebrated; now he couldn't say hello without getting savaged. Just last August, TechCrunch mentioned that Blodget would be one of more than two dozen tech celebrities judging a contest for startups. Blodget knew what was coming, even if his hosts didn't. "Blodget is scum.... He is no longer the arrogant prick we saw in the '90s, but he's still scum," someone wrote. "A lot of people lost money listening to this dirtbag." "Blodget is a Web 1.0, bubble-creating has-been." "He is unethical." "He's as crooked as they come."

I meet Blodget at the offices of his new business, a year-old site called Silicon Alley Insider, shortly after the TechCrunch beat-down. Alley Insider is one of many tech business blogs that feed news, earnings info, and rumors to investors and corporate insiders. But Alley Insider has one thing that others don't. Blodget. He's smart, he's skeptical, and he's got the kind of self-assured voice that sells well in the blogosphere. As the market sinks, his opinions are even more in demand, though he's still hated by a large portion of his prospective audience.

The site shares two floors of a Manhattan office building with programmers and business staff for some of Alley Insider's sister companies, all of which were started by former DoubleClick CEO Kevin Ryan. Blodget works in a double-wide cubicle near a window, separated by a low wall from the site's two other editors. They spend their days crawling Twitter and RSS feeds, calling sources, and pumping out about a dozen daily takes on the business world, most with Digg-friendly headlines (no easy accomplishment with bone-dry business stories). "Is Facebook Distracting Us From Porn? No" is typical, or "Google's Ginormous Food Budget: $7,530 Per Googler, $72 Million a Year." Blodget tells his team to think of the site as talk radio: He wants readers to feel compelled to check in several times a day to get the Alley Insider view on everything going on in their world.

For privacy, we duck into a small conference room, and Blodget, tall and skinny, sinks into a ridiculously deep leather chair. His floppy dirty-blond hair gives him a youthful, almost carefree air, but the deep circles that ring his eyes tell a different story. He's managing a 24-hour news startup. It's midday and he's been posting since 5 am. And then there's the burden that comes with being Henry Blodget, digital punching bag.

"There are obviously a lot of folks who say, 'Now wait a minute, isn't that the guy who....'" He lets the thought trail off. He's legally barred from talking about the incidents that led to his vilification. "To them, I'm that Henry Blodget. There's not much more I can say. I still can't address specific points. So it's like, 'OK, here's my face. Throw the fruit. When you want to stop throwing the fruit, if you want to listen, great. If you don't, fine.'"

It's been almost a decade since the impulse to greet him with rotten mangos first struck. Back in 1998, as a 32-year-old analyst with investment bank CIBC, he declared that the stock price of Amazon.com would nearly double to $400. Three weeks later it did, and Blodget was a hero. Soon he packed up his spreadsheets — he's never more comfortable than when he is lining up numbers in rows and columns and teasing out their secrets — and moved to Merrill Lynch.

Investors followed the new oracle's every utterance, and bankers wanted Blodget to bless the stocks of companies they were hoping to do business with. The lines on his graphs always seemed to point one way — steeply up and to the right. He wasn't just predicting profits, he was selling a revolution: The old metrics didn't apply. Blodget may have counseled people to own only a small percentage of Internet stocks — 10 percent at the most — but nobody listened.

Launched in 2007, Silicon Alley Insider is gaining on some of its established rivals. Source: Compete

Then came the crash. Five trillion dollars in wealth vaporized in 24 months, leaving behind unquantifiable amounts of rage among the masses of day traders who had believed briefly that they, too, were market savants. When the bubble burst, so did Blodget's aura.

Still, it wasn't the crash alone that crushed him. It took Eliot Spitzer to turn Henry Blodget into that Henry Blodget. Spitzer, then New York's crusading attorney general, investigated Merrill in 2001 for conflicts of interest. He discovered a clutch of emails from the young analyst showing that while talking up certain stocks to clients, he was trashing them internally. Companies like 24/7 Media, Excite@Home, and InfoSpace — firms Merrill was publicly cheering — in private were deemed by Blodget to be "shit," "crap," and "junk" (respectively). According to Spitzer's findings, Blodget would have pulled in $12 million in 2001 — quadruple his earnings in 1999 — if he hadn't accepted a buyout that year. In 2003, Merrill's boy genius agreed to pay a $4 million fine and accepted a lifetime ban from working in the securities industry.

Public disgrace usually drives a person into hiding, or at least into a different career. Jerry Levin, the brains behind the disastrous AOL-Time Warner merger, today runs Moonview Sanctuary, his wife's spa; Spitzer, forced to resign as governor last summer, is currently discovering the joys of real estate management; Health South CEO Richard Scrushy, while on trial for accounting fraud, became a televangelist. Not Blodget.

One former colleague says Blodget spent the months when he was being investigated trying to grasp why he was singled out for something that was commonplace in the industry. He figured the controversy would blow over once the public realized his conduct was not unusual. "He was incredulous that the investigation got traction; he said it was silly," a friend says. But there was too much anger in the wake of the bubble, and Blodget's embarrassing emails made him an easy scapegoat. Later, when he was inclined to argue his case, the settlement terms prevented it.

So Blodget did what came naturally. He began writing about the companies he used to cover, first for Slate, then on his own blog, Internet Outsider. Was this journalism — or was it therapy? Rather than hide, he started saying in public what he had once said only in private, using the same brutally frank voice that got him in trouble with Spitzer. He marketed his notoriety to a new Web readership hungry for smart, independent analysis.

When Ryan, an Internet Outsider reader, approached him about starting an industry news site, Blodget jumped at the prospect of a bigger stage. Before working on Wall Street, he'd been a freelance writer; now he could combine the two vocations, borrowing freely from both journalism and equity research.

Through Alley Insider, Blodget is trying to erase, post by post, Spitzer's portrait of him as a duplicitous, money-grubbing shill for big business. Blodget has always believed that the Internet changed everything, so naturally he believes it has the power to change the world's perception of him. The venue offers all Henry, all the time (and even when his other writers are posting, it's clear they're channeling him). The result is a unique blend of x-ray analysis and tech evangelism.

As we talk, Blodget gets up from his chair, antsy to return to his laptop. I ask him if he understands what he's up against. If the hate has lasted this long, why expect it ever to fade away? "If all I knew about me was what I read during that period," he says, "I'd probably have the same reaction."

On a late summer morning, Blodget waits in the lobby of the Nasdaq building in midtown Manhattan. He's all banker today: blue suit, red tie, black cap-toed Oxfords, his shirt so deeply pressed there are creases down the sleeves. It's 10 am and, ready for his second breakfast, he pries open the plastic case of a turkey and Swiss sandwich and starts wolfing it down. In a few minutes he is supposed to conduct a video interview for Yahoo's Tech Ticker finance site. As soon as Blodget started appearing as a regular host in February, the Furies reemerged. "Did you not find any other decent, credible guy than Henry Blodget?" one of the first comments read. "Why spoil this new feature with such a scum and spoil the Yahoo reputation?"

As producers prepare to tape the show, Blodget wipes his crumbs off the table. He explains the guiding vision behind Alley Insider. "We don't want to do things we don't care about," he says. "It's nice to say theoretically we're the judge of what's important and what's not, but come on, give readers credit. They'll tell you immediately what they want, and that drives coverage. People are fanatically interested in Apple, Google, Microsoft. It wasn't a tough call to know what to write about."

Blodget's focus on content is matched by his apparent indifference to the look of the site. Alley Insider employs a cookie-cutter template of scrolling headlines and thumbnail photos dragged off the Web. But design limitations notwithstanding, by September the site was getting nearly 500,000 visitors a month, rivaling AllThingsDigital.com, the Wall Street Journal blog edited by Kara Swisher and Walt Mossberg. Since the beginning of the year, traffic to the site has more than doubled, and Blodget's words now carry surprising weight. When he reported early this fall that Steve Jobs may have been rushed to the hospital after a heart attack — citing an anonymous (and, as it turns out, fraudulent) post on a minor user-generated news site run by CNN called iReport — Apple's stock dropped nearly 10 percent. Critics blamed Alley Insider.

"I read The New York Times, The Economist, and Alley Insider," says Scott Galloway, head of investment equity firm Firebrand Partners, who is best known for his successful public fight to get on the board of The New York Times. "Henry takes a no-mercy, no-malice approach to Web business and media." Valleywag recently called him "the disgraced stock analyst everyone now listens to."

The team at Silicon Alley Insider (left to right): senior editor Dan Frommer, COO Julie Hansen, cofounder Kevin Ryan, and editor in chief Blodget. Photo: Mike McGregor

For all the success today, it took Blodget & Co. some time to figure out a winning formula. When Ryan, a New Yorker, launched the site in 2007, he wanted to cover the local startup and media scene. Blodget signed on as CEO and editor in chief, bought a minority stake, and hired Forbes journalists Peter Kafka and Dan Frommer to help him develop content (Kafka was later hired away by AllThingsD). The first few weeks, the site read like a tourist's guide to spotting B-list Internet companies in the big city, with each firm's location prominently announced: "NoHo-based Meetup has quietly launched a Facebook application"; "Flatiron-based YellowJacket Software has raised $1.25 million." Blodget branched out, taking on the bigger names himself — Apple, Dow Jones, NBC, JP Morgan. It quickly became clear to him that New York's tech industry was too small an arena to contain the ambition of the site. And nearly half the readers were in California anyway.

Alley Insider soon dropped its Silicon Alley focus but stuck with the moniker. And Blodget began to draw more heavily on his research experience. He created financial models of the companies he was talking about and posted the spreadsheets as Google docs so anyone could download and toy with them. He analyzed the potential revenue YouTube could bring to Google, mapping out his assumptions about viewership and ads watched, and offering a clear bottom-line conclusion. Readers weighed in with their critiques, which Blodget used to sharpen the model. He figured he wouldn't just write about Wall Street, he would also usurp part of Wall Street's business by providing high-quality research, the kind brokerage customers used to prize.

But visitors to the site wanted more than analytics. They also craved the edgier Henry of the Spitzer emails. Blodget obliged. In one post, Blodget declares New York Times economics columnist Ben Stein to be either "an idiot" or possibly just "delusional." He suggests that the anonymous sources cited by archrival TechCrunch in its reporting on Microsoft's attempt to purchase Yahoo "must have been drunk." And in November 2007, when E-Trade lost $9 billion in value as its risky mortgage bets turned to dust, Blodget offered only one piece of advice to the company's shareholders: "Cry."

"On Wall Street, I'd consistently submit a report that would say, 'This is going to be roadkill,' and it would come back rewritten as 'We see some weakness,'" Blodget says. "Now I can say, 'It's going to be roadkill.' That's very satisfying."

But even as he delights in railing against corporate giants, he's still disciplined enough to run the underlying numbers — Blodget loves the drama, but he loves the spreadsheets just as much. One post about craigslist should have been something only an accountant could love: a complex set of assumptions and analyses to determine what the company might be worth. Yet Blodget wrote the whole exercise as if it were a mystery plot, parceling out details and stringing the reader along until the very end.

When Yahoo announced this summer that it had hired Bain & Co., a consulting firm usually brought in when a company is about to start swinging the ax, Blodget sharpened his own pencil. "We're mad as hell ... especially now that Yahoo's wasting millions on Bain." He offered his own, free advice (spreadsheet attached) cataloging how many people Yahoo should fire in each division — 1,804 from its "positively obese" sales and marketing arm alone — in order to goose operating margins to a "more respectable" 20 percent from its current 7 percent. "He pushed us early on to ask, 'What does this mean for profits? How does any news affect a company's numbers?'" Frommer says. "It's great if it makes a company look bad or look good, but is this really going to affect the numbers?"

Blodget is also trying things that no mainstream-journalism-trained blogger like Swisher or GigaOm's Om Malik would ever dare. He makes serious-sounding offers to buy companies that he wants to demonstrate are significantly undervalued. It's pure showmanship, but with Blodget's background in finance and his ties to folks up and down Wall Street, no one knows just how far he will take the joke.

His first target was CNET. With the slightest of winks, he wrote post after post explaining how he'd purchase the company. At first he proposed a sort of reverse merger, with CNET buying Alley Insider for $50 million in stock, at which point Blodget's team would take over every aspect of the company. Then he detailed the operational changes he would make.

Ryan got nervous about Blodget's new direction. Blodget's deal with the government forbade him from giving individual research advice, but it didn't say anything about jumping into the private-equity space. Still, there might be legal issues. "Look, why don't we run this by a lawyer just to make sure, because we're getting into securities stuff here," he said to Blodget. When the lawyer asked them "Is this a real offer?" there was a brief silence. For the first time the two really thought about it.

"You know, yes," Ryan replied. "If they said yes, we would accept $50 million at that time to buy them. So it is a real offer. But we're actually asking them to buy us." The lawyer signed off on the convoluted reasoning.

After Blodget's taunting posts went up, investment firm JANA Partners announced a hostile takeover attempt of CNET. It failed, but by spring 2008 CBS stepped in to buy the company for $1.8 billion.

For one CNET executive, memories of Blodget's unwanted attentions still rankle. "The way you make a big name for yourself on the Web today is to make, for lack of a better word, ridiculous statements," says Zander Lurie, former senior VP of strategy and development at CNET and now CFO of CBS Interactive. Lurie found himself reassuring employees who sent him Blodget's postings and wondered whether their company was at risk. "Everyone knew there was nothing in the offering: He didn't have the capital, the expertise, or any specific insight into our business," Lurie says. "He makes the ridiculous statement and it gets sent all around, and then he claims credit when there's an event the following year, which obviously he had nothing to do with. Less than zero to do with. We all have reputations. And his track record is well known."

Blodget has been waging another half-serious acquisition fight, this time for the New York Times Company. All he wants is the Web site — the print side is dead, he says. He thinks the paper needs to cut about 80 percent of its costs, at which point it would be the perfect size to be the digital paper of record for a long time to come. "It's a serious offer from our perspective, but it hasn't been taken seriously," Blodget says.

In the wake of Wall Street's latest meltdown, Blodget finds himself in even greater demand. He's doing regular TV appearances and is posting again on Slate. When NPR wanted someone to talk about the Wall Street culture of greed, they brought in Blodget. The reporter introduced him by pointing out that Merrill is now gone, "and Henry Blodget is gone, too; he's banned from Wall Street after being charged with fraud."

"Thanks," Blodget said, stuttering for a second, "especially for that horrific introduction." They both laughed. But by the end, the host was treating Blodget like an elder statesman.

Recently Blodget has been expanding his franchise. He and Ryan have launched two sister sites: Clusterstock, which will compile and analyze Wall Street research on a much wider range of industries, and the Business Sheet, which will focus on corporate scandals. A third is in the works. For each new site, Blodget provides the bulk of the early posts, seeding the new enterprise with the Blodget touch.

Blodget is broadening beyond tech to get ready for what he sees as a coming shakeout in the news-blog industry. He says he might even start making acquisitions if the price is right. Ryan's suite of companies has raised $50 million in the past few years, possibly enough to buy out some other interesting small blogs. The winning formula for this new kind of business remains elusive: It's a matter of finding the balance between gossip and analysis, between aggregating news from other sources and doing original reporting. Revenue models that go beyond basic advertising have also been slow in coming. "If you look at the development of every new medium, there's been a new form of journalism that has been made possible by it, and there has always been this period of transition," Blodget says. "There is collective experimentation as people figure out what works and what doesn't, and usually you have some very important publications that are built."

Another way to expand is to sell to a larger media company. Blodget says he'd consider an offer, but Alley Insider is still defined almost entirely by one man. If he left, the value would plummet. Also, some media institutions — the grayer, stodgier ones — may find Blodget's unique baggage unacceptable. The endless barrage of comments, the angry mob that seems to follow him everywhere, may be too much for the sensitivities of some management teams, even in these freewheeling days of media transformation. When Blodget wrote a few small items for The New York Times, the newspaper's ombudsman went haywire. "The Times luster may help Blodget," he wrote last year, "but some of his taint rubs off on the Times."

It's just the sort of comment Blodget has come to expect from, well, everyone. That may change, but only if this latest reinvention succeeds in burying his past forever. In which case, he will have been right: The Internet really does change everything.

Senior writer Daniel Roth (daniel_roth@wired.com) wrote about the future of the electric car in issue 16.09.



Thu Dec 04, 2008
Take a Look Inside a Facebook for the Filthy Rich
Wired.com is offered an exclusive pass into Total Prestige, an invitation-only networking site for one of the world's most underserved internet demographics: the super- and super-duper rich.

Wed Dec 03, 2008
Is Social Advertising an Oxymoron?
There’s mounting evidence to suggest that monetizing consumer-generated media doesn't work. Even sites like YouTube, whose viral videos have emerged as the medium of choice for advertisers, don't realize any revenue from an ad's millions of views.

Tue Dec 02, 2008
iTunes: Coldplay, Leona Lewis Top 2008 Sales
Coldplay was the hottest iTunes album download this year: Its "Viva la Vida" was crowned the best-selling album of 2008, while Leona Lewis's "Bleeding Love" was named the top-selling single.

Tue Dec 02, 2008
As Facebook Connect Expands, OpenID's Challenges Grow
Facebook Connect has been adopted by several high-profile websites, including Digg, Hulu and Discovery.com. The news is sure to be welcomed by Facebook's 120 million users and its potential partners, but it presents a new challenge to proponents of the so-called "open stack" for ID management -- OpenID, OAuth and the related technologies that allow users to share data across multiple websites.

Tue Dec 02, 2008
Secret Geek A-Team Hacks Back, Defends Worldwide Web

In June 2005, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcut—an elegant exercise hack—so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow.

He spent the next few weeks stuck at home in a Percocet-tinged haze. Before the injury, he'd spent his days testing the inner workings of software programs. Tech companies hired him to root out security holes before hackers could find them. Kaminsky did it well. He had a knack for breaking things—bones and software alike.

But now, laid up in bed, he couldn't think clearly. His mind drifted. Running hadn't worked out so well. Should he buy a stationary bike? Maybe one of those recumbent jobs would be best. He thought about partying in Las Vegas ... mmm, martinis ... and recalled a trick he'd figured out for getting free Wi-Fi at Starbucks.

As his arm healed, the details of that Starbucks hack kept nagging at him. He remembered that he had gotten into Starbucks' locked network using the domain name system, or DNS. When someone types google.com into a browser, DNS has a list of exactly where Google's servers are and directs the traffic to them. It's like directory assistance for the Internet. At Starbucks, the port for the low-bandwidth DNS connection—port 53—was left open to route customers to the Pay for Starbucks Wi-Fi Web page.

So, rather than pay, Kaminsky used port 53 to access the open DNS connection and get online. It was free but super-slow, and his friends mocked him mercilessly. To Kaminsky that was an irresistible challenge. After weeks of studying the minutiae of DNS and refining his hack, he was finally able to stream a 12-second animated video of Darth Vader dancing a jig with Michael Flatley. (The clip paired the Lord of the Sith with the Lord of the Dance.)

That was more than a year ago, but it still made him smile. DNS was the unglamorous underbelly of the Internet, but it had amazing powers. Kaminsky felt drawn to the obscure, often-ignored protocol all over again.

Maybe the painkillers loosened something in his mind, because as Kaminsky began to think more deeply about DNS he became convinced that something wasn't right. He couldn't quite figure it out, but the feeling stuck with him even after he stopped taking the pain pills. He returned to work full time and bought a recumbent stationary bike. He got hired to test the security of Windows Vista before it was released, repeatedly punching holes in it for Microsoft. Still, in the back of his mind, he was sure that the entire DNS system was vulnerable to attack.

Then last January, on a drizzly Sunday afternoon, he flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages.

Suddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain. The server didn't know that the Web page didn't exist—it was listening to Kaminsky now, as if it had been hypnotized.

When DNS was created in 1983, it was designed to be helpful and trusting—it's directory assistance, after all. It was a time before hacker conventions and Internet banking. Plus, there were only a few hundred servers to keep track of. Today, the humble protocol stores the location of a billion Web addresses and routes every piece of Internet traffic in the world.

Security specialists have been revamping and strengthening DNS for more than two decades. But buried beneath all this tinkering, Kaminsky had just discovered a vestige of that original helpful and trusting program. He was now face-to-face with the behemoth's almost childlike core, and it was perfectly content to accept any information he wanted to supply about the location of the Fortune 500 company's servers.

Paul Vixie organized experts from around the world to address the DNS security flaw. Photo: John Keatley

Kaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet's infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone's email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?

The vulnerability gave him the power to transfer millions out of bank accounts worldwide. He lived in a barren one-bedroom apartment and owned almost nothing. He rented the bed he was lying on as well as the couch and table in the living room. The walls were bare. His refrigerator generally contained little more than a few forgotten slices of processed cheese and a couple of Rockstar energy drinks. Maybe it was time to upgrade his lifestyle.

Or, for the sheer geeky joy of it, he could reroute all of .com into his laptop, the digital equivalent of channeling the Mississippi into a bathtub. It was a moment hackers around the world dream of—a tool that could give them unimaginable power. But maybe it was best simply to close his laptop and forget it. He could pretend he hadn't just stumbled over a skeleton key to the Net. Life would certainly be less complicated. If he stole money, he'd risk prison. If he told the world, he'd be the messenger of doom, potentially triggering a collapse of Web-based commerce.

But who was he kidding? He was just some guy. The problem had been coded into Internet architecture in 1983. It was 2008. Somebody must have fixed it by now. He typed a quick series of commands and pressed enter. When he tried to access the Fortune 500 company's Web site, he was redirected to an address he himself had specified.

"Oh shit," he mumbled. "I just broke the Internet."

Paul Vixie, one of the creators of the most widely used DNS software, stepped out of a conference in San Jose. A curious email had just popped up on his laptop. A guy named Kaminsky said he'd found a serious flaw in DNS and wanted to talk. He sent along his phone number.

Vixie had been working with DNS since the 1980s and had helped solve some serious problems over the years. He was president of the Internet Systems Consortium, a nonprofit that distributed BIND 9, his DNS software. At 44, he was considered the godfather of DNS. If there was a fundamental error in DNS, he probably would have fixed it long ago.

But to be on the safe side, Vixie decided to call Kaminsky. He picked up immediately and within minutes had outlined the flaw. A series of emotions swept over Vixie. What he was hearing shouldn't be possible, and yet everything the kid said was logical. By the end of the third minute, Vixie realized that Kaminsky had uncovered something that the best minds in computer science had overlooked. This affected not just BIND 9 but almost all DNS software. Vixie felt a deep flush of embarrassment, followed by a sense of pure panic.

"The first thing I want to say to you," Vixie told Kaminsky, trying to contain the flood of feeling, "is never, ever repeat what you just told me over a cell phone."

Vixie knew how easy it was to eavesdrop on a cell signal, and he had heard enough to know that he was facing a problem of global significance. If the information were intercepted by the wrong people, the wired world could be held ransom. Hackers could wreak havoc. Billions of dollars were at stake, and Vixie wasn't going to take any risks.

From that moment on, they would talk only on landlines, in person, or via heavily encrypted email. If the information in an email were accidentally copied onto a hard drive, that hard drive would have to be completely erased, Vixie said. Secrecy was critical. They had to find a solution before the problem became public.

Andreas Gustafsson knew something was seriously wrong. Vixie had emailed the 43-year-old DNS researcher in Espoo, Finland, asking to talk at 7 pm on a hardwired line. No cell phones.

Gustafsson hurried into the freezing March evening—his only landline was the fax in his office a brisk mile walk away. When he arrived, he saw that the machine didn't have a handset. Luckily, he had an analog phone lying around. He plugged it in, and soon it let off an old-fashioned metallic ring.

Gustafsson hadn't spoken to Vixie in years, but Vixie began the conversation by reading aloud a series of numbers—a code that would later allow him to authenticate Gustafsson's emails and prove that he was communicating with the right person. Gustafsson responded with his own authenticating code. With that out of the way, Vixie got to his point: Find a flight to Seattle now.

Wouter Wijngaards got a call as well, and the message was the same. The Dutch open source programmer took the train to the airport in Amsterdam, got on a 10-hour flight to Seattle, and arrived at the Silver Cloud Inn in Redmond, Washington, on March 29. He had traveled all the way from Europe, and he didn't even know why. Like Gustafsson, he had simply been told to show up in Building Nine on the Microsoft campus at 10 am on March 31.

In the lobby of the Silver Cloud, Wijngaards met Florian Weimer, a German DNS researcher he knew. Weimer was talking with Chad Dougherty, the DNS point man from Carnegie Mellon's Software Engineering Institute. Wijngaards joined the conversation—they were trying to figure out where to have dinner. Nobody talked about why some of the world's leading DNS experts happened to bump into one another near the front desk of this generic US hotel. Vixie had sworn each of them to secrecy. They simply went out for Vietnamese food and avoided saying anything about DNS.

The next morning, Kaminsky strode to the front of the conference room at Microsoft headquarters before Vixie could introduce him or even welcome the assembled heavy hitters. The 16 people in the room represented Cisco Systems, Microsoft, and the most important designers of modern DNS software.

Vixie was prepared to say a few words, but Kaminsky assumed that everyone was there to hear what he had to say. After all, he'd earned the spotlight. He hadn't sold the discovery to the Russian mob. He hadn't used it to take over banks. He hadn't destroyed the Internet. He was actually losing money on the whole thing: As a freelance computer consultant, he had taken time off work to save the world. In return, he deserved to bask in the glory of discovery. Maybe his name would be heralded around the world.

Kaminsky started by laying out the timeline. He had discovered a devastating flaw in DNS and would explain the details in a moment. But first he wanted the group to know that they didn't have much time. On August 6, he was going to a hacker convention in Las Vegas, where he would stand before the world and unveil his amazing discovery. If there was a solution, they'd better figure it out by then.

But did Kaminsky have the goods? DNS attacks were nothing new and were considered difficult to execute. The most practical attack—widely known as cache poisoning—required a hacker to submit data to a DNS server at the exact moment that it updated its records. If he succeeded, he could change the records. But, like sperm swimming toward an egg, whichever packet got there first—legitimate or malicious—locked everything else out. If the attacker lost the race, he would have to wait until the server updated again, a moment that might not come for days. And even if he timed it just right, the server required a 16-bit ID number. The hacker had a 1-in-65,536 chance of guessing it correctly. It could take years to successfully compromise just one domain.

The experts watched as Kaminsky opened his laptop and connected the overhead projector. He had created a "weaponized" version of his attack on this vulnerability to demonstrate its power. A mass of data flashed onscreen and told the story. In less than 10 seconds, Kaminsky had compromised a server running BIND 9, Vixie's DNS routing software, which controls 80 percent of Internet traffic. It was undeniable proof that Kaminsky had the power to take down large swaths of the Internet.

The tension in the room rose as Kaminsky kept talking. The flaw jeopardized more than just the integrity of Web sites. It would allow an attacker to channel email as well. A hacker could redirect almost anyone's correspondence, from a single user's to everything coming and going between multinational corporations. He could quietly copy it before sending it along to its original destination. The victims would never know they had been compromised.

This had serious implications. Since many "forgot my password" buttons on banking sites rely on email to verify identity, an attacker could press the button, intercept the email, and change the password to anything he wanted. He would then have total access to that bank account.

"We're hosed," Wijngaards thought.

It got worse. Most Internet commerce transactions are encrypted. The encryption is provided by companies like VeriSign. Online vendors visit the VeriSign site and buy the encryption; customers can then be confident that their transactions are secure.

But not anymore. Kaminsky's exploit would allow an attacker to redirect VeriSign's Web traffic to an exact functioning replica of the VeriSign site. The hacker could then offer his own encryption, which, of course, he could unlock later. Unsuspecting vendors would install the encryption and think themselves safe and ready for business. A cornerstone of secure Internet communication was in danger of being destroyed.

David Ulevitch smiled despite himself. The founder of OpenDNS, a company that operates DNS servers worldwide, was witnessing a tour de force—the geek equivalent of Michael Phelps winning his eighth gold medal. As far as Ulevitch was concerned, there had never been a vulnerability of this magnitude that was so easy to use. "This is an amazingly catastrophic attack," he marveled with a mix of grave concern and giddy awe.

It was a difficult flight back to San Francisco for Sandy Wilbourn, vice president of engineering for Nominum, a company hired by broadband providers to supply 150 million customers with DNS service. What he heard in Redmond was overwhelming—a 9 out of 10 on the scale of disasters. He might have given it a 10, but it was likely to keep getting worse. He was going to give this one some room to grow.

One of Wilbourn's immediate concerns was that about 40 percent of the country's broadband Internet ran through his servers. If word of the vulnerability leaked, hackers could quickly compromise those servers.

In his Redwood City, California, office, he isolated a hard drive so no one else in the company could access it. Then he called in his three top engineers, shut the door, and told them that what he was about to say couldn't be shared with anyone—not at home, not at the company. Even their interoffice email would have to be encrypted from now on.

Their task: Make a change to the basic functioning of Nominum's DNS servers. They and their customers would have to do it without the usual testing or feedback from outside the group. The implementation—the day the alteration went live to millions of people—would be its first real-world test.

It was a daunting task, but everyone who had been in Redmond had agreed to do the same thing. They would do it secretly, and then, all together on July 8, they would release their patches. If hackers didn't know there was a gaping DNS security hole before, they would know then. They just wouldn't know exactly what it was. Nominum and the other DNS software vendors would have to persuade their customers—Internet service providers from regional players such as Cablevision to giants like Comcast—to upgrade fast. It would be a race to get servers patched before hackers figured it out.

Though the Redmond group had agreed to act in concert, the patch—called the source port randomization solution—didn't satisfy everyone. It was only a short-term fix, turning what had been a 1-in-65,536 chance of success into a 1-in-4 billion shot.

Still, a hacker could use an automated system to flood a server with an endless stream of guesses. With a high-speed connection, a week of nonstop attacking would likely succeed. Observant network operators would see the spike in traffic and could easily block it. But, if overlooked, the attack could still work. The patch only papered over the fundamental flaw that Kaminsky had exposed.

On July 8, Nominum, Microsoft, Cisco, Sun Microsystems, Ubuntu, and Red Hat, among many others, released source port randomization patches. Wilbourn called it the largest multivendor patch in the history of the Internet. The ISPs and broadband carriers like Verizon and Comcast that had been asked to install it wanted to know what the problem was. Wilbourn told them it was extremely important that they deploy the patch, but the reason would remain a secret until Kaminsky delivered his talk in Las Vegas.

Even as Kaminsky was giving interviews about the urgency of patching to media outlets from the Los Angeles Times to CNET, the computer security industry rebelled. "Those of us ... who have to advise management cannot tell our executives 'trust Dan,'" wrote one network administrator on a security mailing list. On one blog, an anonymous poster wrote this to Kaminsky: "You ask people not to speculate so your talk isn't blown but then you whore out minor details to every newspaper/magazine/publishing house so your name can go all over Google and gain five minutes of fame? This is why people hate you and wish you would work at McDonald's instead."

With a backlash building, Kaminsky decided to reach out to a few influential security experts in hopes of winning them over. He set up a conference call with Rich Mogull, founder of Securosis, a well-respected security firm; researcher Dino Dai Zovi; and Thomas Ptacek, a detractor who would later accuse Vixie and Kaminsky of forming a cabal.

The call occurred July 9. Kaminsky agreed to reveal the vulnerability if Mogull, Dai Zovi, and Ptacek would keep it secret until the Vegas talk August 6. They agreed, and Kaminsky's presentation laid it out for them. The security experts were stunned. Mogull wrote, "This is absolutely one of the most exceptional research projects I've seen." And in a blog post Ptacek wrote, "Dan's got the goods. It's really f'ing good."

And then, on July 21, a complete description of the exploit appeared on the Web site of Ptacek's company. He claimed it was an accident but acknowledged that he had prepared a description of the hack so he could release it concurrently with Kaminsky. By the time he removed it, the description had traversed the Web. The DNS community had kept the secret for months. The computer security community couldn't keep it 12 days.

About a week later, an AT&T server in Texas was infiltrated using the Kaminsky method. The attacker took over google.com—when AT&T Internet subscribers in the Austin area tried to navigate to Google, they were redirected to a Google look-alike that covertly clicked ads. Whoever was behind the attack probably profited from the resulting increase in ad revenue.

Every day counted now. While Kaminsky, Vixie, and the others pleaded with network operators to install the patch, it's likely that other hacks occurred. But the beauty of the Kaminsky attack, as it was now known, was that it left little trace. A good hacker could reroute email, reset passwords, and transfer money out of accounts quickly. Banks were unlikely to announce the intrusions—online theft is bad PR. Better to just cover the victims' losses.

On August 6, hundreds of people crammed into a conference room at Caesars Palace to hear Kaminsky speak. The seats filled up quickly, leaving a scrum of spectators standing shoulder to shoulder in the back. A group of security experts had mockingly nominated Kaminsky for the Most Overhyped Bug award, and many wanted to know the truth: Was the massive patching effort justified, or was Kaminsky just an arrogant, media-hungry braggart?

While his grandmother handed out homemade Swedish lace cookies, Kaminsky took the stage wearing a black T-shirt featuring an image of Pac-Man at a dinner table. He tried for modesty. "Who am I?" he asked rhetorically. "Some guy. I do code."

The self-deprecation didn't suit him. He had the swagger of a rock star and adopted the tone of a misunderstood genius. After detailing the scope of the DNS problem, he stood defiantly in front of a bullet point summary of the attack and said, "People called BS on me. This is my reply."

By this time, hundreds of millions of Internet users were protected. The bomb had been defused. The problem was, there was little agreement on what the long-term solution should be. Most discussion centered around the concept of authenticating every bit of DNS traffic. It would mean that every computer in the world—from iPhones to corporate server arrays—would have to carry DNS authentication software. The root server could guarantee that it was communicating with the real .com name server, and .com would receive cryptological assurance that it was dealing with, say, the real Google. An impostor packet wouldn't be able to authenticate itself, putting an end to DNS attacks. The procedure is called DNSSEC and has high-profile proponents, including Vixie and the US government.

But implementing a massive and complicated protocol like DNSSEC isn't easy. Vixie has actually been trying to persuade people for years, and even he hasn't succeeded. Either way, the point might turn out to be moot. Kaminsky ended his Las Vegas talk by hinting that even darker security problems lay ahead. It was the type of grandstanding that has made him a polarizing figure in the computer security community. "There is no saving the Internet," he said. "There is postponing the inevitable for a little longer."

Then he sauntered off the stage and ate one of his grandma's cookies.

Contributing editor Joshua Davis (www.joshuadavis.net) wrote about the rescue of the foundering Cougar Ace in issue 16.03.



Mon Dec 01, 2008
Tech-Savvy Secrets to Getting the Best Black Friday Deals
There's more to getting a good deal on the day after Thanksgiving than standing in line at Best Buy -- if you don't want to get suckered, you need these tips for savvy online and in-person shopping.

Thu Nov 27, 2008
Scott Brown on the Looming Deluge of Eco-Disaster Flicks

I love the movies. I love the environment. I love movies about the environment, especially ecological-disaster flicks—oh, the hilarity! From the atomic-paranoia-fueled Pandora's boxes of the '50s (Them!, Godzilla) and the hapless "nature's revenge" flicks of the Love Canal era (The Swarm, Piranha) to the budget-busting disaster epic (2004's The Day After Tomorrow, best remembered for a scene in which Climate Change implacably pursues Jake Gyllenhaal), commercial attempts to put a high-minded, hortatory gloss on schlocky genre cinema are always good for a guffaw. My favorite would have to be Frogs, the 1972 "thriller" whose trailer intoned, "Suppose nature gave a war ... and everybody came?" (That's good, but it should've read, "Suppose Hollywood covered aging Oscar-winner Ray Milland in confused, nonunion amphibians ... and everybody laughed?")

The dopiness of so-called ecotainment—environmentally virtuous entertainment—rises in direct proportion to its message-mongering. In this way, it's no different from the Christian inspirational flick. To be sure, many classics prey upon our ecological anxieties—The Birds, Jaws, and Jurassic Park come to mind. But these highlight the indomitable and inscrutable brutality of nature, not the need for better stewardship of a beleaguered planet. They're the children of Moby-Dick, not Silent Spring. Even in these jittery, post-Inconvenient Truth days of rising seas, killer storms, and T. Boone Pickens TV spots, blockbuster-scale ecotainment is still the poseur spawn of Towering Inferno-style disaster matinee and Silkwood-esque docudrama. The subject matter simply resists Hollywood idiocy: Environmental problems are complex and holistic, whereas mainstream movies thrive on conspicuous good/evil dichotomies that flatter our binary human minds. To oversimplify: Nature is Gore-ville; blockbusters are Bush country.

That said, explicit, heart-on-sleeve ecothemes are leaking into mainstream movies. Let us avert our eyes from the Superfund site that was M. Night Shyamalan's The Happening (the crazed Claritin commercial Hitchcock never made) to consider the Seuss-meets-Kubrick trashscapes of Wall-E, the pissed-off pagan nature-spirits of Hellboy II, and the water-hoarding, greenwashing Bond villain in Quantum of Solace. And there are more storms brewing: The Thaw, about a deadly parasite unleashed by melting polar ice caps; Strays, which strands four Americans in a clicking-hot Russian nuke-opolis; Creature From the Black Lagoon, reimagined as a dying-ocean parable; and 2012, a world-ender from disaster-master Roland Emmerich, director of The Day After Tomorrow. As the headlines worsen and vague notions of fear and collective guilt harden into urgent, palpable catastrophes, the greenocalypse, as a premise, looks more and more muscular.

Before this beefed-up, camp-free ecotrend can continue, however, it must pass its ultimate legitimacy test: Keanu Reeves. He's starring in a Category 5 environmentally minded remake of The Day the Earth Stood Still—an antiwar-message movie from 1951—invading theaters in December. Fox has been "trying to remake this since the original," says screenwriter David Scarpa. "Ray Bradbury did a draft in 1980." Now that humankind has finally generated a worthy successor to nuclear Armageddon, the studio has pulled the trigger. Keanu plays Klaatu, the wise alien who, in the original, landed in DC with his chaperone, the chrome killbot Gort, and began counseling against atomic brinkmanship with the USSR. This time, he's an unearthly Earth-firster who chides our planet-raping ways—and backs up his critique with lethal action (Gort again—but updated).

Retributive genocide—pretty ballsy stuff. But it risks putting capital-M Message ahead of thrills and dramatic fireworks—a hazard of ecotainment that Scarpa calls the "on-the-nose thing." "People don't want to be preached to about the environment," he says. "We tried to avoid having our alien looking out over the garbage in the lake and crying a silent tear, like the Indian in that '70s commercial." In the original, Klaatu delivers a climactic speech to the world's top scientists. Scarpa scrapped it: "I don't think audiences today are willing to tolerate that."

Even if the environmental threat still hasn't achieved silver-screen credibility on a par with nuclear devastation or even terrorist attack, it's gaining. And that gives me hope. Hope that the species may survive to make bad movies about tomorrow's man-created crises. Hope that we'll someday remake The Day After Tomorrow as a campy commentary on our catastrophic overabundance of fresh air and bluebirds.

Email scott_brown@wired.com.



Wed Nov 26, 2008
E-Books Have a Future in iTunes
Houghton Mifflin Harcourt Publishing Company plans on amping up its e-book efforts in the iTunes store with DRM-protected best-sellers.

Tue Nov 25, 2008