It was Super Bowl XXXIV, and ABC decided to try something new called eTV, which linked the Super Bowl Internet site to the live TV broadcast in real time. Scott had invited several friends over for the event. One was the CEO of a small software company. With eTV, you could call the next play during the huddle, and if you selected the same play as the real QB, you got points. It was a compelling and sticky way of linking viewers to the event. During TV commercials, the website featured the same commercial airing on TV. During one of these web commercials, Scott noticed that one of the advertisers’ sites was running a Lotus Domino Server. Two years earlier, Scott had had a run-in with the SVP at Lotus responsible for Domino, when his team had exposed over fifty critical security holes in the platform by hacking Lotus’s own Domino-hosted site.
Scott pointed out to his friend that this advertiser (NewBeginnings.com) was running Domino, and then keyed in a long, cryptic URL. The next page displayed was the web server’s configuration database in edit mode! Shocked that this bug still existed two years after his team had reported it, Scott demonstrated how one could override Domino’s default action by creating an exception page within this database. Once the page was created, Scott refreshed it, showing that the change was persistent; it would have taken effect the next time the server rebooted. Scott then backed out the change. He explained that he could just as easily have mapped the entire website over to a competitor, say Macys.com, and on reboot they would have been “virtually” out of business after having spent $250K of their VC’s money on a 30-second Super Bowl ad.
Two years on, Lotus still had its head in the sand regarding network security. In fact, while writing this piece in 2010, Scott did some further research and found an article still discussing some of the same serious security holes, which were still in existence. Note that all of these flaws in Domino can be worked around if one invests the necessary time and changes the default settings to customized database settings.