A few months ago, I registered my first domain name ever. When you
want to register a domain, the first step is generally to enter the
domain you are interested in into a box; the registrar will then check
to see if the domain is not registered yet, and allow you to register
it if it's available. When I saw this, I thought to myself: huh, I
bet that if I were a registrar and I were evil, I would take domain
names that people ask about but don't register and register them
myself.
So I used the normal DNS lookup process to check hostnames
until I came up with one I liked, on the theory that they can't
possibly be registering every single lookup failure.
I really hoped that I was just being excessively paranoid, so it makes
me sad to learn that apparently my cynicism in this particular case
was entirely well-founded. Someday I want to
believe bad things about humanity and have them turn out to be
false. 