The internet is broken, and you can't win

Jul 23, 2008 18:26

Two weeks ago, it was revealed that there's a nasty flaw inherent in the design of the DNS protocol that underlies almost everything we do on the internet. The implication is that when you're doing your thing on the net, any given bad guy could make your computer go where he wants, instead of where you want, without you knowing about it.

The problem is so bad that the DNS and security experts who were made aware of this all agreed to keep the details quiet for 30 days, in hopes of giving network admins everywhere the chance to mitigate the problem before the bad guys figured out how to exploit it. Meanwhile, one of the recommended workarounds was to use OpenDNS servers if your ISP's servers are vulnerable.

Unfortunately, OpenDNS intercepts failed queries and tries to either correct them or direct them to a search. This breaks some things that rely on knowing whether a lookup actually fails.
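A small resolver check, added here as an example and not part of the original post: it asks the resolver for a random label that cannot exist and reports whether the reply is an honest NXDOMAIN or a synthesized address. The resolver IP and base domain are whatever you pass in; the sample replies at the bottom are constructed, not captured from any real resolver.

```python
import os
import socket
import struct

# Detect "NXDOMAIN rewriting": a resolver that answers a lookup for a name that
# does not exist with an address of its own instead of an error (rcode 3).


def build_query(qname: str, txid: int) -> bytes:
    """Encode a minimal DNS A query (RD=1) for qname with transaction ID txid."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode()
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN


def classify_response(resp: bytes, txid: int) -> str:
    """Return 'nxdomain', 'rewritten', 'noanswer' or 'mismatch' for a raw reply."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid:
        return "mismatch"      # reply does not belong to the question we sent
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"      # honest resolver: the name does not exist
    if rcode == 0 and an > 0:
        return "rewritten"     # an answer was synthesized for a nonexistent name
    return "noanswer"


def probe_resolver(resolver_ip: str, base_domain: str, timeout: float = 3.0) -> str:
    """Send a lookup for a random label under base_domain and classify the reply."""
    qname = os.urandom(8).hex() + "." + base_domain   # label that should not exist
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, txid), (resolver_ip, 53))
        resp, _ = sock.recvfrom(512)
    return classify_response(resp, txid)


# Constructed sample replies for the same transaction ID 0x1234.
SAMPLE_NXDOMAIN = struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)   # rcode 3
SAMPLE_REWRITTEN = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                    + b"\x04nope\x07example\x00\x00\x01\x00\x01"         # question
                    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04"
                    + b"\xc0\x00\x02\x01")                               # A 192.0.2.1

if __name__ == "__main__":
    print(classify_response(SAMPLE_NXDOMAIN, 0x1234), classify_response(SAMPLE_REWRITTEN, 0x1234))
```

Run `probe_resolver("<resolver ip>", "example.com")` against a resolver you administer to see which behaviour it has; an honest resolver reports `nxdomain`.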

Even more unfortunately, OpenDNS intercepts all lookups to www.google.com, and relays them through its own servers. (Apparently this is an attempt to work around some Google-Dell deal that wouldn't otherwise affect people not using Windows on recent Dell desktop computers. Everybody's trying to cash in on invalid web requests.)

So in order to avoid some random bad guys secretly changing where I go when I type something like, say, www.google.com, into my browser, I must use a service that definitely changes where I go when I type www.google.com into my browser. This does not make me feel warm and fuzzy.

Oh yeah, and two days ago the secret leaked early, and everyone now knows how to break unpatched DNS servers. (At least one major ISP I use still hasn't fixed their servers, and apparently many other big ones haven't either.) So, uh, when you go to your bank's website, be sure to click on that little lock icon and make sure the right name shows up before you log in to your account.

internet, dns
