I’m happy to show off the first phase of our new OpenDNS Dashboard, which we launched today. Today’s overhaul makes the settings area of the Dashboard dramatically easier to use. But first, let me explain what was wrong with the older version.

Our old settings page on the Dashboard succumbed to feature bloat and became hard to navigate. The left side navigation was lengthy and unintuitive — and not just to novice Internet users but even to our power users. Every feature we added just became a new navigational element on the left side of the page. And most of those features only had one option! The reason this happened is simple — we like to constantly iterate on feedback from all of you and that means we roll out new features all the time. While we love that part, it doesn’t work so well when you are trying to provide a consistent and intuitive interface for users.

Our goals for the new settings page were very clear:

1. Make the interface dramatically easier to use for novice Internet users.
2. Don’t remove any of the existing functionality.
3. Provide the level of detail our power users demand.

It was a tall order, but our all-star engineering team was able to do it. Without further ado, here’s a quick walk-through:

Left side navigation

The left side navigation has been cut from 11 different choices down to 3. Content Filtering, Customization and Advanced Settings. Content Filtering is where you can block categories of sites, block individual domains, or whitelist domains. It’s all in one place. Customization is where you can modify the look and feel of the OpenDNS Guide and blocked pages with your own logo and messaging. Advanced Settings, like it sounds, is one page with all of our various knobs and checkboxes where you can tailor our service to best meet your needs.

Content Filtering

The Content Filtering page was previous spread out over four different pages. Now it’s just one. You can use one of our preset bundles of filters or customize things to pick and choose from any of the 50+ categories we have available. Just below the categories you’ll see a much simpler way of individually allowing and blocking domains that you want to exclude from category blocking. An example for this might be if you block the Social Networking category but want to “always allow” the business social networking website LinkedIn.

Advanced Settings

This page has all the knobs. If you want to turn off stats processing, you do it here. If you want to make sure OpenDNS works with your VPN, you can do it here. All on one page. We’ve also updated all the text to make things more clear and easier to understand.

There are a lot of other small usability tweaks that have gone into making this settings page as easy to use as possible. Go take it for a spin and let us know what you think.

A number of our users have written in today asking if OpenDNS is vulnerable to the recent multi-vendor DNS security issue disclosed today by my good friend and security researcher Dan Kaminsky.

I’m very proud to announce that we are one of the only DNS vendor / service providers that was not vulnerable when this issue was first discovered by Dan. During Dan’s testing he confirmed (and we later confirmed) that our DNS implementation is not susceptible to the attack that was discovered. In other words, if you used OpenDNS then you were already protected long before this attack was even discovered.

In fact, for those of you who were listening in on the Microsoft press call this morning, you’ll note that OpenDNS was suggested as the easy and simple solution for anyone who can’t upgrade their DNS infrastructure today. Pointing your DNS servers to forward requests to OpenDNS and firewalling all other DNS traffic off at your server will help mitigate this risk.

We’re going to write more about this issue in the next 24 hours to address the vulnerability in detail and explain why we aren’t affected but I wanted to get the word out now so that you know you are safe using OpenDNS.

Thanks and happy resolving…

Update: Bert Hubert, author of PowerDNS, alerted me to the fact that PowerDNS was also not vulnerable when this issue was discovered. That’s not surprising considering Bert is one of the authors of the wonderful DNS forgery resilience Internet Draft that has recently been published. I updated the statement in bold appropriately.

SysAdmin Appreciation Day, which is one of our favorite holidays here in the office, is right around the corner. We did a bunch of cool stuff last year but this year we’re going all in and hosting a huge party honoring all you fine people who keep the Internets running.

If you’re local to San Francisco, we invite you to come celebrate with us. Register for a ticket here. The tickets are free, but we’ll be checking names at the door.

Since the timing is right we’re also celebrating the second birthday of OpenDNS. So even if you aren’t a SysAdmin, you are still welcome at our party. I hope to see you there!

Event details:

What: OpenDNS SysAdmin Day Celebration and Birthday
Date: July 23, 2008
Location: Fluid Ultra Lounge, San Francisco, CA
Time: 6 - 9 p.m.

We just posted PhishTank statistics for April 2008. No major surprises: The United States is, for the thirteenth straight month, hosting more phishes than any other country; A group of large banks, eBay, and PayPal round out the top most spoofed brands; And the PhishTank community of submitters and verifiers continues to have an impressively high accuracy rate.

The headlines tell us the phishers are not giving up. Seemingly every week we see reports of a new type of phishing scam. This week it’s Google AdWords phishing, where AdWords account holders are sent emails alerting them their account needs updating. The account holder logs into the spoofed AdWords interface and hands over their credit card information.

The AdWords phishing scam is interesting to me largely because, in lots of cases, it’s targeting businesses. People understand identity theft. But what happens when a business’s identity is stolen? There’s no easier or more efficient avenue to get reimbursed for a business than for an individual. Basically, whether you represent yourself or your company, you have to go to your credit card company and beg for forgiveness. (Whether or not it should be the banks — some of the most commonly spoofed brands — that are responsible for reimbursing money stolen through phishing is part of a separate debate.)

And the spoofed AdWords account interfaces, at least the ones I’ve seen, are good. I can easily understand how the marketing person tasked with managing AdWords for their company could be fooled. I know plenty of small and mid-size companies that rely on online advertising to drive traffic to their site, and see huge dents in revenue when something goes wrong and the traffic doesn’t come. That marketing person has plenty of incentive to make sure their account information isn’t wrong and nothing is preventing potential customers from seeing their ads.

Experts repeat the same warning about AdWords phishing that we’ve all heard about phishing in general for years: Educate yourself about phishing and look skeptically at URLs. Remember that as a general rule, you won’t be warned via e-mail that your account has been compromised, so if you are ever encouraged via e-mail to login to an account and update information, proceed with caution and look closely at the URL you’re encouraged to click.

Take for example, one of the AdWords phishes someone submitted to PhishTank. See the “d0l9i.cn” in the middle of the URL? If you open a new window and load http://adwords.google.com/select/login, you’ll see the real site’s URL doesn’t include that series of characters. That should be a red flag.

[NOTE: This is a known, verified phishing site. We recommend you do NOT visit it.]

OpenDNS users and users of other services leveraging PhishTank data — McAfee, Opera, Yahoo! Mail, Kaspersky Labs, to name a few — have an extra line of defense when it comes to phishing — they benefit from PhishTank and the wisdom of the community. But it’s abolsutely a good idea to learn to look for inconsistencies in URLs and think twice before providing sensitive information online, whether it’s your own or your company’s.

This is my first post to this blog and probably a good time to introduce myself as one of the developers here at OpenDNS. I do a lot of work on Domain Tagging, and in the past few weeks have made a bunch of changes that make Domain Tagging faster than ever. That means domains get verified faster, added to categories faster and blocked faster.

I’d also like to welcome 7 new moderators we brought onboard this week. We’re really happy to have them help out, and I’m sure they’re also excited to be a part of the moderator community. So welcome guys, you’re a huge asset to a great community!

The Domain Tagging system has been a huge success for us, and for everyone who uses it. Here’s a few numbers to illustrate:

31: The number of categories the system had when we launched in late February.

53: The number of categories in the Domain Tagging system today.

15,000: The number of decided domains in the “Proxy/Anonymizer” category.

Note: This number doesn’t even include the domains from St. Bernard, which number in the millions.

418,701: The number of decided domains system-wide.

903,536: Number of domains submitted to Domain Tagging (so close to a milestone…)

4 Million: The number of Internet users whose experience is made safer by Domain Tagging.

Have a great weekend!