The Stop Online Piracy Act (SOPA) and its senate-version counterpart, PROTECT IP (PIPA), are poorly thought-out, ineffective measures that completely miss the mark in their aims to address Internet piracy and copyright infringement. And yesterday, the amassing opposition to these bills won a small victory: Senator Leahy, one of the main sponsors of PIPA, blinked. He backpedaled. Senator Leahy officially committed to an amendment that would investigate the effects of his bill before it’s instituted:

“Through this process, [I] have continued to hear concerns about the Domain Name provision from engineers, human rights groups, and others. I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest. Nonetheless, this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”

It would seem the most knowledgeable people in the world about the Domain Name System and how the proposed technology would impact the Internet — whom are vocal in their opposition to the bills — are finally getting through to Leahy and other legislators. This list of folks includes us, the world’s largest DNS provider. OpenDNS stands firmly against SOPA and PIPA. I’ve spent time in Washington D.C. in an effort to educate decision makers about the detriments that lie ahead should the bills pass. I’ve authored and signed letters. I’ve blogged and spoken out. And our efforts are working.

It’s critically important that Leahy follows through on his commitment, and that everyone in the technical community continues to use their expertise to educate non-technical government officials associated with the bills. Because while Leahy appears to be acknowledging that his bill is imperfect, SOPA co-sponsor Rep. Lamar Smith is standing his ground. “It is amazing to me that the opponents apparently don’t want to protect American consumers and businesses,” he told Reuters. Sadly, his rhetoric couldn’t be further from the truth. Hopefully someone on his staff will show him this blog post to point out the ridiculousness of his bill.

So, a small victory, but for now the battle against both bills rages on.

If you want to get involved, AmericanCensorship.org is an excellent resource.

The holidays are upon us, but it’s not all gift giving, tree trimming and eggnog drinking. This is also the time of year when scammers come out in force. While OpenDNS is the single best way to protect yourself and your loves ones from phishing and forgeries, education is key. To complement our great phishing quiz my colleague Erin posted about here, we’ve compiled a list of the most common, and tricky, holiday phishing scams. Brush up, take note and avoid getting duped.

Scam: Air Travel Deals

With so many travelers still scrambling to buy last-minute air tickets, it’s important to be extremely careful when clicking through to an airline’s website from a promotional email. Phishing websites like this one spoofing American Airlines are not legitimate. The URL for this one, www.aa-advantager.com, is the giveaway — even though it’s close to the real domain (www.aa.com).

Scam: Holiday Shopping

If you’re like me, you’re doing most of your holiday shopping online this year. So it’s no surprise that scammers are spoofing websites like eBay (one of the most spoofed brands in phishing scams all year long) and trying to trick shoppers into entering their login credentials. When doing shopping online, the safest way to get to your destination site is to type its URL directly into your address bar.

Scam: Money Transfers

For better or worse, lots of people skip the gift buying altogether and just give cash. That’s why we’re including money transfer-themed phishes on our list. We can’t stress enough: any time you deal in currency online, be extra careful. The safest way to get to a website is to type its URL straight into your address bar.

Scam: Connect with Loved Ones

No doubt Skype usage increases during the holidays when the revolutionary service is used to see the smiling faces of family members abroad. But we all need to take great caution when phishes this sophisticated exist. Note that while the URL (http://skype.host.org/account/signin_form.php) is very convincing, it’s not the real Skype domain.

Today we unveil DNSCrypt, a new security tool we’ve developed that has been on our minds for a long time. It has a simple but important function: encrypt all DNS traffic between you and OpenDNS. Nothing else like it exists, and we have very high expectations for the positive impact it can have on the Internet security and privacy of millions of people around the world.

DNS is a critical part of the Internet’s infrastructure, and though a good deal of attention has been paid to improving its security in recent years with DNSSEC, an important part has been overlooked. It’s what’s often referred to as the “last mile,” or the connection between you and your ISP or your DNS provider, if you use a DNS service like OpenDNS. It’s in this “last mile” that bad things are most likely to happen — snooping, tampering, or even hijacking traffic. Anyone who knows what they’re doing can eavesdrop on your Internet activity and see exactly which domains you are resolving, and in many cases, what websites you’re visiting.

It happens all the time on insecure networks at coffee shops, and even residences. Some ISPs have even been accused of spying on their customers’ activity. What’s worse, the “last mile” is ripe for man-in-the-middle attacks, where an intermediary injects themselves into your traffic path masquerading as your intended destination, but all the while, being able to see and modify your traffic. This leaves little confidence for the Internet user.

DNSCrypt changes this and has the potential to completely revolutionize Internet security. DNS has, unfortunately, always had some inherent weaknesses because it’s transported in plain text. DNSSEC has never attempted to address that (crazy, I know). Encrypting all DNS traffic means a fundamental change to the security of the system on the whole and a strong improvement. It’s not the only solution, and there’s still an important place for verification and validation of domains like DNSSEC provides, but it’s a very strong first step.

We’ve been sharing DNSCrypt with security experts over the past several weeks and the feedback has been phenomenal. A tool like DNSCrypt is critically necessary to ensure the security of DNS going forward. DNSCrypt is a “technology preview” today, and the code is being open-sourced. For the über-nerds, our implementation is the first (known) implementation of the forwarder ideas expressed in the DNSCurve community, which many will recall, we were one of the first to implement.

Download DNSCrypt today and try it for yourself.

One of our most important goals at OpenDNS is educating people on Internet dangers so they can make informed choices on how to best manage their networks. Last week we released a phishing quiz, hoping we could show people just how difficult it is to spot the difference between a phishing site and the real website.

The quiz was designed to be difficult, but our users were hoping for something more than a challenge. The comments poured in, encouraging us to create a powerful educational tool that you could use to help teach people how to avoid getting phished.

You had our attention. Many of you, who know that cyber criminals can create exact replicas of real sites by simply copying the image and hosting it at a different domain, were frustrated that the quiz didn’t include URLs. Others, hoping to use the quiz to teach friends and family about the dangers of phishing, asked us to create something that showed why seemingly legit sites were actually phishes.

So, we incorporated your feedback into a new version of the quiz. We hope you’ll find this to be a useful tool to help people learn the dangers of phishing, and how to avoid them. As always, the easiest way to avoid getting phished is to use OpenDNS. That’s because OpenDNS runs PhishTank, the world’s largest community-powered online clearinghouse for phishing, and uses it to automatically block phishing sites for all OpenDNS users.

Take the quiz now!

OpenDNS moderators are Internet security superheroes that make sure our Web filtering is the safest and most useful it can be for millions of people around the world, and they are invaluable to Internet safety and the safety of our users. It’s a huge badge of honor to wear. So who are they and what do they do?

To better explain what a moderator does, let’s quickly revisit the process for how domain categorization works. First, someone submits a domain (or website) to be classified into the most appropriate of OpenDNS’s 57 categories. Users then vote on how the domain should be categorized.  After a certain voting threshold is reached, which varies from category to category, the moderator steps onto the scene.  Moderators thoughtfully review the websites, with their keen eyes and Internet prowess, and make a final decision on categorization. The domain is then “tagged” in the appropriate categories and blocked for anyone who has chosen to enable filtering of that category.

So what does it take to be a moderator? Well, you don’t necessarily need a Ph.D. in computer science, a job at NASA or fluency in HTML. Our current team of moderators is made up of people from nearly every profession, including (but not limited to) OpenDNS staff members, SysAdmins, software engineers and even stay-at-home parents. And OpenDNS moderators live in places all over the world, including India, Brazil, Italy, Canada, Switzerland and more. What they all have in common is a single passion for making the Internet safer by working together to ensure speed and accuracy in the domain tagging process.

If you think you’re a good fit, and want to have a vested interest in making the Internet a safer place, simply fill out the form below and we’ll contact you soon. It’s that easy

Update: We’ve created a new version of the phishing quiz that now includes URLs and feedback on why some seemingly legit sites are actually phishes. Take the quiz again to see how well you do.

Could you be duped by a phishing scam? Most of us familiar with the usual phishing tactics tend to think we’re skilled at recognizing scam sites. But as phishing becomes increasingly sophisticated, it’s getting harder and harder to distinguish real sites vs. scams.

If you’re using OpenDNS, you and yours are protected from phishing sites. We use data from PhishTank — which we operate — the largest clearinghouse of phishing data online. But even with OpenDNS, the single best defense against phishing is education. Knowing how to spot a phish means you’re less likely to click a phishing link in the first place.

With the holiday season upon us, what better time than now to brush up on phish-spotting skills? We crafted a quiz that asks you to identify whether 10 homepage images are those of real or phishing websites. Consensus is that showing the URLs for the sites makes the quiz too easy, so we’ve hidden them.

A quick refresher on spotting phishing before you get started:

Take the quiz now!

OpenDNS.com has been redesigned to make resources more readily-available, and offer more insight into why OpenDNS is the best way to secure your network from threats at the DNS layer.

Let’s go for a quick tour:

• The Technology section is brand new. Here we dive into how OpenDNS works, including details about our sophisticated Anycast routing technology and globally-distributed network. We also show you why OpenDNS is so fast and so reliable, and how our service has been designed from the ground up to ensure 100% uptime. The new section includes an interactive network map that tells you which of our 12 global datacenters is answering your DNS requests and stats about total DNS requests — per day and even per second.

• We made the Business Solutions and Home Solutions more obvious in order to get people to the information they need faster. Whether you’re a SysAdmin looking for information about how our malware protection works, a mom or dad looking for a straightforward way to keep kids safe online, or just want to sign up for Premium DNS, the new site is tailored to ensure your questions get answered in fewer clicks.

• The Resources section is a great place to find out who is using OpenDNS and how. Browse the customer showcase and get to know the trusted brands that rely on OpenDNS every day, meet our partners or find out why companies like yours are using OpenDNS. This section is jam-packed with case studies, data sheets and even an FAQ.

We have something new we’ve been cooking up and we need some help testing it. Interested in helping shape and vet a new OpenDNS technology, poised to positively impact everyone who uses the Internet?

OpenDNS is calling for participation in a technology preview, seeking people to help us test a new (exceptionally awesome) service and provide feedback. And make sure it’s in prime shape before it’s tasked with serving the world at-large.

In exchange for helping us with feedback you’ll receive our gratitude and you’ll know you’re doing your part in helping build a better service for users all over the world.

Rules to participate are simple:

1. You need to be computer savvy. This is new code, and might have bugs.
2. We aren’t ready to share with the world yet, so you need to keep everything we share with you confidential — that means no tweeting, blogging, forwarding, etc.
3. That’s it.