You are here

User Verification Gone Horribly Wrong

We've got a client, named 'growingtales.com'. They do a modest amount of business on the web, and they need an SSL Certificate in order to do it. Their SSL Cert expired in October. In September I received a reminder email about renewal, and I called up their web host to renew their certificate.

I keep our client's account information in an encrypted password manager called KeePass Password Safe. So when I called up the sales people to renew the domain, I opened up the password manager and read off my 'secret word' which they use to verify me.

The nice sales person (the real humans are in sales, tech support gets their flunkies) accepted the renewal, and I told him to bill it to the card on file.

Today, I get an email from the client saying the certificate hasn't been renewed! I call up interland, verify myself with them, and ask what's up. The support monkey tells me that we don't actually have active hosting with interland, and that is the reason the certificate didn't get installed.

I tell her she's crazy, that i'm looking at the site right now, and it's happily humming along, being served from one of their servers. (for which i give her the ip address). Much yelling follows, I'm put on hold many times. Finally they change out the support monkey. The new one verifies the spelling of the domain name 'growingtails.com right?' *sigh* no.

So. At some point in my long ass history with this webhost and its support monkeys, I could not be verified using the secret word I had. The tech support monkey must have leaked to me the secret word of 'growingtails.com', which I dutifully wrote down in my password manager for future reference.

When I called to renew the certificate, the sales guy made the same spelling mistake, and I rattled off the incorrect secret word. He then renewed a certificate on an inactive domain, and billed the card on file for some unknown shmuck. (which was later refunded, thankfully)

It took till November for anyone to realize our Cert had expired.

The Moral of the story: don't ever give up the secret word support monkeys! Such systems can fail in fascinating ways.