News & Notes from the OpenDNS team

Finally, a real solution to DNS rebinding attacks

by David Ulevitch on Apr 14th, 2008

We just launched a subtle new feature for all OpenDNS account holders (it’s free) that helps protect against a class of DNS vulnerabilities known as DNS Rebinding attacks. In short, these attacks take advantage of design flaws or weaknesses in how some Internet applications (notably web browsers) cache DNS data so that internal network resources can be accessed by external servers regardless of firewall settings.

This can happen because the browser (or similarly exploitable vector) acts as a conduit between the private internal resource and the external server. In plain English this means that some bad guy on the Internet can access your home access point, wireless access point, internal file server or any other networked device on your network just by getting you to load some JavaScript on a webpage.

While this might seem like a browser issue, it’s fundamentally a DNS issue. This is why OpenDNS created what will become a new class of filtering tools called Suspicious Response Filters.

These new filters are different from the filtering options we’ve offered to date in one important way. Rather than filtering based on the DNS question being asked (e.g., “Where is foo.com?”) these filters inspect the DNS reply before we send it back to you (e.g., “Does this reply point to an internal resource?”). Like most of our features, this is an industry first. No other major DNS software or service offers anything like this.

When I started OpenDNS I often told people one of my main goals was to design a global DNS service that empowered people to let the good DNS in and keep the bad DNS out, for whatever definition of good and bad they had. This feature gets us one step closer to delivering on that promise.

The feature is turned off by default, but I encourage everyone to go into your account and turn it on. Those of you with domains that point to private address space legitimately (to your intranet, for example) should also visit the domain whitelist page and whitelist your domain. Naturally, any domain in your whitelist will not have its responses filtered in any way and will be explicitly allowed.

4 Comments | Filed in Security, Dashboard, Announcements, General
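
The reply-side check described in the post above, as an added example that is not OpenDNS's implementation: the list of internal ranges, the function names and the sample names and addresses are assumptions chosen for illustration.

```python
import ipaddress

# Ranges treated as "internal" here (an assumption, not OpenDNS's list).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this network"
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, ULA, link-local
)]


def is_internal(addr_text):
    """True if an answer address falls inside any internal range."""
    addr = ipaddress.ip_address(addr_text)
    # ::ffff:192.168.1.1 reaches the same host as 192.168.1.1, so unwrap it.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)


def is_whitelisted(qname, whitelist):
    """Match the name or a parent domain, on label boundaries only."""
    name = qname.rstrip(".").lower()
    for entry in whitelist:
        entry = entry.rstrip(".").lower()
        if name == entry or name.endswith("." + entry):
            return True
    return False


def filter_response(qname, answers, whitelist=()):
    """Return ("allow", answers) or ("block", offending addresses)."""
    if is_whitelisted(qname, whitelist):
        return "allow", list(answers)  # whitelisted domains are never filtered
    bad = [a for a in answers if is_internal(a)]
    # Any internal address in the reply is enough to withhold it.
    return ("block", bad) if bad else ("allow", list(answers))


if __name__ == "__main__":
    # Constructed sample replies using documentation names and addresses.
    samples = [
        ("www.example.com", ["203.0.113.10"]),
        ("host.example.net", ["203.0.113.10", "192.168.1.1"]),
        ("wiki.intranet.example.org", ["10.1.2.3"]),
    ]
    for qname, answers in samples:
        print(qname, filter_response(qname, answers, ["intranet.example.org"]))
```

Matching the whitelist on label boundaries keeps an entry such as `intranet.example.org` from also exempting an unrelated name that merely ends in the same characters.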

NCAA tournament - bandwidth hog?

by Allison Rhodes on Mar 20th, 2008

Today kicks off the March Madness basketball tournament and in case you haven’t heard, CBS is broadcasting all 63 NCAA games live - and free - on the Internet. All you need is broadband to tune in.

What makes this particularly relevant to YOU is the fact that many of the games are being played during the workday.

According to an article in the San Jose Mercury News, network admins are blocking the site(s) broadcasting the games because they’re concerned all that streaming video is going to slow down their networks. Unlike the reasons you might block adult sites or social networking sites, there’s nothing inappropriate or unsafe about the NCAA tournament. But without question if several people on your network were watching the games, it could slow things down.

The SJ Mercury is doing a poll, asking people if video is blocked where they work. Right now it’s almost a tie between yes and no answers.

Are you blocking the games?

(If you aren’t and want to, it’s as easy as signing into your account and adding NCAASports.com to your block list. :) )

7 Comments | Filed in Domain Blocking, OpenDNS at Work, General

OpenDNS is hiring!

by David Ulevitch on Mar 3rd, 2008

Things are good here at OpenDNS. We have more and more users every day, we’re handling record numbers of DNS requests, we’re being nominated for cool awards and our service keeps getting better and better.

If you think you have what it takes to move the world’s largest, fastest-growing DNS service to the next level, we want to hear from you.

Open positions include:

  • PHP / MySQL Web Applications System Engineer
    1. We call this position a WASE (pronounced Waah-See), which stands for Web Applications System Engineer. If you are a solid PHP hacker with little experience working on a global scale you will quickly become an expert at developing web applications that take advantage of all elements of a server and network. We have millions of users, billions of DNS requests and all of our users administer their preferences and settings through our web application that you will extend and maintain.

    Apply

  • Senior { Engineer | Developer | Hacker }
    1. This position is for an experienced software developer. This is a broad position, so please click “apply” below for a sampling of tasks this job entails.

    Apply

  • Marketing Superstar
    1. This person is a standout among his/her peers, has the tactical know-how to do his/her job well already and is looking to move into a more strategic marketing role while still executing superbly. We want someone who has a base of significant marketing experience and is ready to develop their own marketing programs geared at engaging our audience and converting it into customers.

    Apply

If any of these descriptions sound like your areas of expertise, we can’t wait to hear from you.

P.S. If you are a leader in your field but don’t see your ideal position below, you can still apply using a generic OpenDNS application.

No Comments | Filed in Job notice, General

Get out the vote for OpenDNS!

by Allison Rhodes on Feb 26th, 2008

CNET blog Webware let us know we’re a finalist for a Webware 100 award and we need your vote to seal the deal. The annual awards pay tribute to the best Web applications and services, so if you think we qualify for one, cast your vote for OpenDNS.

(We’re in the Utilities and Security category.)

Fingers crossed…

9 Comments | Filed in General

30 new reasons to use OpenDNS

by David Ulevitch on Feb 20th, 2008

This morning we launched a new service that will undoubtedly change the way budget-conscious network operators and IT administrators filter Web content. The system that powers the service is inspired by the success of PhishTank, our anti-phishing site, and works in a similar way. By leveraging the intelligence of our community (all of you) and our global network of servers we can provide a level of Web content filtering that is robust and effective. And, like everything else we do here, we’re offering this for free.

Here’s how our game-changing system works:

People add Web sites to our system and tag them with a category. For example YouTube.com would be appropriately tagged “video sharing” and MySpace.com would be appropriately tagged “Social Networks.” Other users come along and verify the accuracy of the submitter’s tag by voting. Once a site crosses a predetermined threshold of votes, it gets added into the category in the OpenDNS system. All this adding and voting happens on our new Community Site - if you haven’t yet seen it, stop by and cast a few votes. Every day this system will get more and more comprehensive, thanks to the help of 100s of 1000s of IT folks who have accounts with us and the millions of OpenDNS users.

You probably already understand why this is far superior to the way security companies categorize sites and deliver filtering services, but allow me to explain briefly the three main reasons our service is better:

• It’s more comprehensive. Our system has tens of thousands of people like you submitting and verifying the accuracy of Web sites’ inclusion in categories. This is in stark contrast to the handful of people employed for this job by security companies.
• It’s faster moving. New Web sites and changes to existing Web sites are constantly being published to the Internet. Other Web content filtering tools update only once nightly, or even less frequently, and therefore fail to catch and categorize everything right away. OpenDNS has the advantage of tens of thousands of people adding and tagging sites at any given time, so users benefit from real-time updates.
• It’s free to use. No longer are you forced to pay top dollar to security companies simply to protect your networks.

Log in to your dashboard now and you’ll see the new filtering categories available to you, and know it will get better and more thorough with time. We launched with just over 30 categories, but if you have a need to block a category not represented in our system let us know and we’ll be happy to accommodate.

Finally, this service (like everything else we offer) is optional and can be enabled in your free OpenDNS account. Let us know if you have any feedback, about any part of the system or how it works. We built this for you.

9 Comments | Filed in Domain Blocking, Announcements, General
