Stories - Hacking a Superbowl Ad
Scott pointed out to this software exec that this advertiser was running Domino, then keyed in a really long, cryptic URL. The next page displayed was the web server's configuration database, in edit mode! Shocked that this bug still existed two years after his team had reported it, Scott then demonstrated how one could override the default action of Domino by creating an exception page within this database. Once it was created, Scott refreshed the page, and it showed that the change was permanent. Later, when the server was rebooted, it would have taken effect. Scott then backed out the change. He then explained that he could just as easily have mapped the entire website over to their competitor, and on reboot they would be "virtually" out of business after having dumped $250K on a 30-second ad on the Superbowl.
Two years later, Lotus still had their head in the sand regarding network security. In fact, while writing this piece Scott did some further research and found this article, written TEN YEARS later, still talking about some of the same serious security holes, which are still in existence. Note that all of these flaws in Domino can be worked around if one takes the necessary time and changes the defaults to customized database settings.