Pay attention to your domain extensions – certificate errors can be alarming

It’s often said that branding and getting the right domain name is one of the toughest challenges in innovation and entrepreneurship today. Simply put..

They’re all taken!

The recent expansion of Top Level Domains has helped with that a bit, but even with 617 new extensions to pick from – the winners’ dais still looks like this:

1. .COM
2. .NET
3. .ORG

So, to all ye who have secured all three (if your website needs it) – congratulations! Have you ensured that your website’s certificate is tied to the right domain? If it isn’t, most browser exhibit very interesting behavior – including immediately closing and displaying some curious and alarming security messages that warn about somebody trying to eavesdrop on you.

Very recently, I spotted this at Todoist – a very nice service focused on getting things done and really energizing the to-do list with a host of capabilities to assist with both the big picture and the niceties. After a few days of using TodoIst, I found myself looking at this screen:

..and figured it was a script error or the sort, so I reported it to them via Twitter. Two weeks later, I found myself still looking at screens like these:

and, more curiously, these..

With the security sense tingling now, I dug around a bit more to find that the root concern was:

…and reported it to them, again – with a workaround that was basically going to their .COM and skipping the fancy front page login screen.

So far, this is a simple security defect / oversight; with no security vulnerabilities evident. Here’s hoping that they add it to their To-Do List at the very top and get the security certificate error fixed over the weekend; or just have traffic to the .NET domain forward transparently to the .COM domain. The latter would be a cheaper fix.