Who, me? Welcome again to “Who, me?”, The Register’s confessional column in which techies unburden their souls by revealing that they have broken stuff.
This week meet “Matt” who told us he works for a company that makes “email tracking software for corporate communications.” Said software uses a web server “to detect message opens and perform redirects for tracked URLs.”
Matt once found himself helping the USA’s biggest electric company to install this software on-premises.
But the job was tricky. “I was quite literally working in the dark due to the fact the server tech was not permitted to screen share,” Matt explained. So he guessed a few things, but got them right.
Until it came time to do some networking.
“I'd foolishly assumed a typical configuration and instructed the technician to use all unassigned IP addresses for the https binding.”
But Matt didn’t know the web server was a multi-tenant affair and hosted other apps. And one of those apps was the giant electricity company’s very, very public-facing bill-paying service.
Admin needed server fast, skipped factory config … then bricked itREAD MORE
“When committing this change, all traffic was suddenly routed to our application and it was a matter of seconds before the electric company’s tech received an urgent and very angry phone call from the network security team.”
Then came the even angrier call from the electric company’s CTO.
Happily, it didn’t take long to remediate the situation.
The client even learned something – Matt said “additional protocols were put into place by the client to prevent this from occurring again.”
Matt’s company learned something too. “We only install our software on dedicated systems for production environments,” Matt told us. “Oh, and I still have a job - as the senior tech engineer.”
Has a quiet client left you in dark? If so click here to write to Who, me? so we can share your story some future Monday. ®