Tuesday | 7 July, 2009
CSO
Ouch! Security pros' worst mistakes
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the process
Bill Brenner (CSO (US)) 04/09/2008 08:05:00

3. THE TERRIBLE TYPO

  • Mistake maker: Andrew Cardwell

  • Position: Computing Security Officer, Director at Cardwell Security Ltd.

  • Location: United Kingdom

  • The incident: Mistyped serial number causing Internet domains to stagnate for a week

"I worked for an ISP that at the time was responsible for controlling the .org.uk domains. We were essentially the authority for any domains under that TLD [top-level domain]. This was around 1995, when domain names were all manually applied for, approved, updated and controlled.

"I had to update the main registry file and insert a new name and update the serial number which controlled the updates on the DNS server. The serial number was in the form of YYYYMMDDXX. XX represented the number of changes that day so in order to get it updated we had to do new XX = old XX +1. Sadly, I removed one of the digits so the serial number turned into YYYYMMDDX. As a result, the name server did not pull in the new file and update the .org.uk domains for a week until we discovered it on closer inspection -- and after several complaints."

THE LESSON

"This is an ideal example of lack of controls around the software, lack of a sanity check and human error. Over the years in places that now run the TLDs, controls have been introduced to ensure this kind of human error is sanity-checked through logical rules. I added something so the serial number should go up not down to help eliminate or reduce the number of human errors."
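The sanity check described in the lesson, sketched as an added example (not code from the article or from the registry it describes): it rejects a hand-edited serial that is not exactly ten digits in YYYYMMDDXX form or that does not increase, and it can generate the next serial so nobody has to type one. The serial values are constructed, the function names are hypothetical, and starting each day's counter at 00 is an assumption.

```python
from datetime import date, datetime


def check_serial(old: int, new_text: str) -> list[str]:
    """Return the reasons a hand-edited zone serial must be rejected (empty if OK)."""
    problems = []
    if not (new_text.isascii() and new_text.isdigit()):
        return ["serial must contain only digits"]
    if len(new_text) != 10:
        # The incident in the article: one digit dropped, YYYYMMDDX instead of YYYYMMDDXX.
        problems.append(f"serial must be 10 digits (YYYYMMDDXX), got {len(new_text)}")
    else:
        try:
            datetime.strptime(new_text[:8], "%Y%m%d")
        except ValueError:
            problems.append(f"{new_text[:8]} is not a valid YYYYMMDD date")
    if int(new_text) <= old:
        # Secondaries only pull a zone whose serial is higher than the one they hold.
        problems.append(f"serial {new_text} does not increase past {old}")
    return problems


def next_serial(old: int, today: date) -> int:
    """Compute the next YYYYMMDDXX serial instead of typing it by hand."""
    base = int(today.strftime("%Y%m%d")) * 100  # assumption: first change of a day is XX = 00
    new = max(base, old + 1)
    if new > base + 99:
        raise ValueError("no serial left for today (XX exhausted or old serial is future-dated)")
    return new


if __name__ == "__main__":
    published = 1995061403  # constructed value: third change on 14 June 1995
    for typed in ("1995061404", "199506144", "1995061403"):
        print(typed, check_serial(published, typed) or "ok")
    print("generated:", next_serial(published, date(1995, 6, 14)))
```

Run as a pre-publish step, the check turns the dropped-digit typo into an immediate rejection rather than a week of stale zone data.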
