ICANN issued a security advisory regarding SSL certificates for internal domain names with unqualified extensions. What is an unqualified extension, and what is the risk they pose? How can organizations secure their SSL certificates to prevent this problem?