I haven’t had a chance to play with OpenDNS yet, but I’ve been hearing about it a lot lately. One of the great things about it is that it attempts to fight phishing by locating domains that have phishing sites on them and blackholing them with this page. Pretty cool stuff, actually. One of these days I’m going to have to play with it.
I’m just going to go out on a limb here and pretend I know how it works. It probably uses a blacklist of domains. Unfortunately, that means if my phishing site is on a hacked machine with other valid things on that machine, it’s now inaccessible to users. That may or may not be a bad thing, but what about XSS? Everything is vulnerable to XSS. So any time I put up a phishing XSS site on any domain (Google, Yahoo, you name it) it gets blackholed? There’s got to be a better way to do that with more intelligence.
And then there is the XSS issue:
GET / HTTP/1.0
Host: <body onload=alert("XSS")>.com
User-Agent: blah blah
I still think it’s an interesting idea, even with the flaws. I’d rather see this as a content-filtering proxy than a DNS server implementation, because I think DNS servers are too blind (they don’t see paths). But it’s still probably better than nothing in the short term until the phishing community changes their tactics.
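To make the "DNS is blind to paths" point concrete, here is an added example (not code from OpenDNS or from the original post) comparing a domain-only blocklist with a path-aware proxy check. The host names, paths and blocklist entries are constructed for illustration, and the normalization steps are an assumption about what a reasonable URL filter would do.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Constructed sample data: one compromised shared host serving a phishing
# page alongside legitimate content (hypothetical names, not real indicators).
BLOCKED_DOMAINS = {"shared-host.example"}
BLOCKED_URL_PREFIXES = {("shared-host.example", "/~mallory/bank/")}


def normalize_host(host):
    """Lowercase and drop the trailing root dot so 'Example.COM.' matches."""
    return host.rstrip(".").lower()


def normalize_path(path):
    """Percent-decode and collapse './' and '../' so encodings cannot dodge a prefix."""
    decoded = unquote(path or "/")
    clean = posixpath.normpath(decoded)
    # normpath strips a trailing slash; restore it so directory prefixes still match
    if decoded.endswith("/") and clean != "/":
        clean += "/"
    return clean


def dns_filter_blocks(url):
    """A resolver only ever sees the queried name, never the path."""
    return normalize_host(urlsplit(url).hostname or "") in BLOCKED_DOMAINS


def proxy_filter_blocks(url):
    """A content-filtering proxy sees the full URL and can match host + path."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    path = normalize_path(parts.path)
    return any(host == h and path.startswith(p) for h, p in BLOCKED_URL_PREFIXES)


def compare(urls):
    """Return {url: (dns_blocked, proxy_blocked)} for each URL."""
    return {u: (dns_filter_blocks(u), proxy_filter_blocks(u)) for u in urls}


SAMPLE_URLS = [
    "http://shared-host.example/~mallory/bank/login.html",    # phishing page
    "http://SHARED-HOST.example./%7Emallory/bank/login.html",  # same page, re-encoded
    "http://shared-host.example/~alice/recipes.html",          # unrelated legitimate page
]
```

Calling `compare(SAMPLE_URLS)` shows the domain blocklist taking down the unrelated page along with the phishing one, while the path-aware check blocks only the phishing URL in both of its encodings.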