Generic TLDs Threaten Name Collisions and Information Leakage 115
CowboyRobot writes "As the Internet Corporation for Assigned Names and Numbers (ICANN) continues its march toward the eventual approval of hundreds, if not more than 1,000, generic top-level domains (gTLDs), security experts warn that some of the proposed names could weaken network security at many companies. Two major issues could cause problems for companies: If domain names that are frequently used on a company's internal network — such as .corp, .mail, and .exchange — become accepted gTLDs, then organizations could inadvertently expose data and server access to the Internet. In addition, would-be attackers could easily pick up certificates for domains that are not yet assigned and cache them for use in man-in-the-middle attacks when the specific gTLD is deployed."
Another way to look at it: why were they using invalid domains in the first place?
Re:That's why I have been giving my internal (Score:4, Funny)
You can use .test, .example, .localhost and .invalid. ...and nobody will bother you if you use, for example, ".invalid" for your internal domains.
Some CEOs and PHBs might ;).