Com.Com is Up For Sale
Mubix sent me a link today showing that com.com is for sale. So what, right? Yet another domain that needs a home. But com.com is incredibly important for security. In fact, one of the network admins at C|NET (the company that currently runs com.com) was listed as the 10th most dangerous and least likely person on the Internet during my presentation at OWASP. Why? Because of typo traffic. A friend of mine used to run csuchico.com instead of csuchico.edu and used to get tons of sensitive information about the local college, including building plans, love letters, medical information, bills, and on and on… And that was just one .edu domain. Now imagine the typo traffic for all of .com!
I’m not just talking about email, but think about all the DNS errors, the referring URLs, and the places that you could XSS just because of sloppy coding. It’s a recon dream come true, and it’s almost entirely passive! I tried to register xn--g6w251d.com at one point (a typo of the simplified Chinese IDN TLD). Most people don’t realize that xn--g6w251d (測試) is a TLD and there are a bunch of others like it. So owning xn--g6w251d.com would allow me to get tons of typo traffic, but ICANN in their infinite wisdom decided you’re not allowed to own things like xn--g6w251d.com anymore because it’s too dangerous. Yet com.com still exists and it’s up for grabs! I’m sure it’s monetarily well out of reach for the average bad guy, but there may be a lot more than average bad guys who are interested in owning this one.



November 20th, 2009 at 9:51 am
I want that. I would have no clue what exactly to do with it, but I want it.
November 20th, 2009 at 9:58 am
you rickroll people of course
November 20th, 2009 at 10:11 am
Good idea!
How much does the domain cost?
November 20th, 2009 at 10:51 am
I once had a fax number that was 1 digit off of the fax number for a local investment bank. (I had a 6 instead of an 8 in my number). I regularly got TONS of sensitive information - requests for IRA changes, rollovers, copies of checks, fund transfers, bank account transfers, etc. Each time I got another one I laughed at how much damage I could have done if I were unscrupulous and then promptly contacted the sender and informed them of their mistake. I can only imagine the endless possibilities with com.com.
On another note though, it doesn’t look like it’s actually for sale. That’s just a domain brokerage service - they will _try_ to negotiate a sale for you of any domain you want. It doesn’t mean cnet is actually selling. A quick google search (and cnet search) doesn’t turn up anything else, so I don’t think they’re selling.
November 20th, 2009 at 2:07 pm
Indeed; it’s unlikely that com.com is for sale, since that site shows the same page for any domain you type in. I’m fairly sure this one isn’t for sale, for instance.
November 20th, 2009 at 2:19 pm
Are you kidding me! ckers.org has been for sale since the day I bought it. It’s just about the price.
November 20th, 2009 at 9:13 pm
Well maybe you’d like to buy microsoft.com?
November 22nd, 2009 at 6:12 am
Great names the price should be close to millions
November 22nd, 2009 at 11:31 am
Well you could have fun with the new fast-track IDN ccTLD’s, and apply to get your own - it’s only $26,000, chump change for you!
Russia’s applying for .рф
Tunisia’s applying for .تونس
China’s applying for .中国
List goes on, expecting up to 500 new TLD’s in the next few years.
November 23rd, 2009 at 8:41 am
@Chris - I bet .con and .co would be useful.
November 23rd, 2009 at 1:08 pm
I reckon whoever intends on purchasing it is gunna be plastering the page in ads and hoping for a lot of clicks. Sure if it’s a common typo, a lot of ad views are gunna rake in.
November 23rd, 2009 at 8:49 pm
http://www.com is a good one too
December 4th, 2009 at 1:42 am
com.com can also be used for bypassing weak “whitelist” filters with clever subdomains such as subdomain.domain.tld.com.com
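The weak filter this comment describes, next to a stricter check, as an added example that is not part of the original post or comments. The allowlisted domain `example.com`, the prefix-matching behaviour of the weak filter, and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: example.com stands in for the allowlisted "domain.tld.com".
ALLOWED_DOMAINS = {"example.com"}


def weak_is_allowed(url: str) -> bool:
    """Assumed weak filter: the host only has to START with an allowed name."""
    host = urlsplit(url).hostname or ""
    return any(host.startswith(d) or host.startswith("www." + d)
               for d in ALLOWED_DOMAINS)


def strict_is_allowed(url: str) -> bool:
    """Accept only an allowed domain itself or a real subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # hostname is already lower-cased; drop the optional root dot.
    host = (parts.hostname or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def filter_gaps(urls):
    """Return URLs the weak filter accepts but the strict check rejects."""
    return [u for u in urls if weak_is_allowed(u) and not strict_is_allowed(u)]


# Constructed sample input.
SAMPLE_URLS = [
    "https://example.com/account",
    "https://www.example.com/login",
    "https://EXAMPLE.com./",
    "https://www.example.com.com/login",   # lands under com.com
    "https://example.com.com/",            # lands under com.com
    "https://login.example.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:40} weak={weak_is_allowed(u)!s:5} strict={strict_is_allowed(u)}")
    print("gaps:", filter_gaps(SAMPLE_URLS))
```

The strict check compares on a label boundary (exact match or a leading dot), which is what keeps a host under com.com from passing as the allowlisted domain.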
December 22nd, 2009 at 11:04 am
I got the Chinese one .tk
March 6th, 2010 at 4:11 pm
Great Names, but domain business is lagging in these harsh days.
one .tk is fine as well.