In New York City, especially after September 11, they take security seriously. There are numerous police officers patrolling around in high-priority places. There are armed military personnel with assault weapons in-hand in heavily travelled areas. They even make you use electronic key cards to access public bicycles. Multiple levels of picture identification and key card access are required for most major institutions.

Bruce K. found this snippet of code to destroy stuff. There is no form with a password field that calls this method. It's just out there. Unprotected. Waiting for someone to figure out how to call it...

class SpecificController < GenericController
   def destroy
       if (params[:password].equals("New York"))
          Team.find(params[:id]).destroy
       end
       redirect_to:action => 'list'
   end
end
[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!