Stanford Rejects Business School Hackers

Zonk posted more than 9 years ago | from the don't-count-your-chickens dept.

Security 406

robbarrett writes "The Stanford Report offers the next chapter in a continuing story about business school applicants manipulating URLs on the ApplyYourself system to determine their personal admission status. Harvard immediately rejected the 'hacker' applicants, but Stanford gave 'offenders' the opportunity to defend their actions. However, none of the competitive applicants 'was able to explain his/her actions to our satisfaction,' according to Stanford's dean, so all were rejected. The story mentions the decisions reached by other schools involved in the mess."

If they had been Comp Sci students.... (2, Insightful)

phobos13013 (813040) | more than 9 years ago | (#12669015)

They should have been immediately accepted!

But in this case you get what you deserve. What's the difference of finding out now or later that you didn't get accepted to Stanford?

Re:If they had been Comp Sci students.... (2, Funny)

Anonymous Coward | more than 9 years ago | (#12669025)

"What's the difference of finding out now or later that you didn't get accepted to Stanford?"

Knowing where, or where not, to put your energy in, perhaps?

Re:If they had been Comp Sci students.... (5, Insightful)

leonmergen (807379) | more than 9 years ago | (#12669030)

But in this case you get what you deserve.

These kids didn't even know they were hacking. All they knew was that they received an url via MSN from their friends where they could look up their status...

Sure, they should've known it wasn't supposed to go this way, but should they really be punished like this?

Personally, I don't think they should be the ones punished, but rather the person in charge of the security of the website...

Re:If they had been Comp Sci students.... (2, Interesting)

phobos13013 (813040) | more than 9 years ago | (#12669073)

Come On!

It seems pretty obvious these folks knew what they were doing. It requires pouring through a site's source code to extract sensitive info and writing down ids to basically get into a system they obviously didn't have official access to.
As an analogy, let's assume during the day at a bank the vault is unlocked with access to those who are permitted but with no guard watching the entrance. OK, yes we should assume the bank is very stupid for not guarding it, but if someone walks in and takes off with a bunch of cash are they innocent?
Don't think so. Instead of stealing cash, these would-be students steal information. They got what they deserved.

Re:If they had been Comp Sci students.... (0)

Anonymous Coward | more than 9 years ago | (#12669100)

It requires pouring through a site's source code

If they've been pouring stuff through the source code then no wonder they were rejected. Did it wash out okay?

Re:If they had been Comp Sci students.... (3, Informative)

cortana (588495) | more than 9 years ago | (#12669168)

Good grief, tell me you're not a sysadmin for any public webapps so I can breathe a sigh of relief. I don't want to be arrested for cracking into your system the next time I mis-type a URL!

Also your analogy is crap, because accessing an unsecured resource at a publicly-available URL is not the same as waltzing into an open bank vault and making off with the contents.

Re:If they had been Comp Sci students.... (1)

DrSkwid (118965) | more than 9 years ago | (#12669197)

lol,

how about if they walked inside the unlocked vault and had a look around but took nothing?

or are you going to prosecute them for stealing photons & electrons & wear and tear on the carpet!

Re:If they had been Comp Sci students.... (2, Insightful)

djdavetrouble (442175) | more than 9 years ago | (#12669330)

That's trespassing, which people have been killed for.
Now get off of my property. /wield shotgun

Re:If they had been Comp Sci students.... (0)

Anonymous Coward | more than 9 years ago | (#12669235)

It requires pouring through a site's source code to extract sensitive info and writing down ids to basically get into a system they obviously didn't have official access to.

Disclaimer: phobos13013 was rejected from Stanford for reasons entirely unrelated to hacking.

Re:If they had been Comp Sci students.... (3, Insightful)

pedantic bore (740196) | more than 9 years ago | (#12669133)

These kids didn't even know they were hacking.

What do you think that they thought they were doing? They didn't get a message from Stanford saying "here's how you check your admission status"; they got a message from their friends saying "here's how you craft a URL that lets you sneak in to the web site and check your admission status before the official date."

Imagine if the email from their friends had said "Your admission status is kept in the filing cabinet in room 306 of the admissions office, and the guy who works in that office leaves the door unlocked when he eats lunch at noon every day."

Walking into an unlocked office and looking in the filing cabinet versus cobbling together a URL that obviously circumvents the system. Tell me the difference.

Re:If they had been Comp Sci students.... (1)

goonies (227194) | more than 9 years ago | (#12669182)

the difference is, you don't need to log in using your id and password, therefore being tracked in the log files ;) i'd rather sneak into that office (wearing gloves, of course)

Re:If they had been Comp Sci students.... (1)

penix1 (722987) | more than 9 years ago | (#12669225)

WTF....

The question I got on this goes beyond your lame example. Why was sensitive data in a web accessible area to begin with? Sure, the students shouldn't have done it but they aren't the real guilty party here are they? The real guilty party is the damned administrator. Did they punish the administrator as severely as the student by NOT PAYING HIS DUMB ASS?

B.

Re:If they had been Comp Sci students.... (4, Insightful)

TheoMurpse (729043) | more than 9 years ago | (#12669273)

Imagine if the email from their friends had said "Your admission status is kept in the filing cabinet in room 306 of the admissions office, and the guy who works in that office leaves the door unlocked when he eats lunch at noon every day."

No, the correct analogy is
Imagine if the email from their friends had said "Your admission status is posted in the hall of the Natural Sciences building, indexed by SSN".

Re:If they had been Comp Sci students.... (1)

svanstrom (734343) | more than 9 years ago | (#12669200)

These kids didn't even know they were hacking.


They were hacking as much as I'm hacking when I'm "guessing" an URL when the idiot webdesigner's used some IE-only javascript, making the whole site useless whenever I'm not using WinIE (which I never use)... or when I get an URL to a file not directly linked to anywhere on the web...

Re:If they had been Comp Sci students.... (5, Insightful)

L.Bob.Rife (844620) | more than 9 years ago | (#12669038)

What they deserve? They applied to the school, and then somebody told them they could find out if they were admitted by typing in a url.

How many students were even aware that it was a big secret whether they were admitted, and they weren't allowed to actually know? Why was it even a big secret in the first place? Shouldn't they be telling the students as soon as it's reasonably possible, and not dangle it over their heads making them waste time if they weren't accepted?

So, Stanford wants to make claims that these students are morally corrupt by typing a couple letters into their browser, when the school itself is keeping secrets about the students' futures hidden for no reason at all and punishing them for being curious. Who is morally corrupt in this scenario I ask...

Re:If they had been Comp Sci students.... (1)

jacen_sunstrider (797955) | more than 9 years ago | (#12669128)

You have to have time to switch between sending out pwned/dispwned letters to the mode of repelling the hordes of angry parents whose children they know should've been accepted, and there must have been some sort of mistake.

Well.... (0)

Anonymous Coward | more than 9 years ago | (#12669178)

They did access information that the university decided to make public. If they went to the admissions office 5 minutes before it was set to open some morning, and walked in because the door was unlocked and the university appeared ready to do business, would they have expected a different reaction. Hey wait, did I just shoot the point I was trying to make in the head?

"Morality" and the great academic monolith... (4, Insightful)

mosel-saar-ruwer (732341) | more than 9 years ago | (#12669224)


Who is morally corrupt in this scenario i ask...

Your modern-day University autocrat has about as much use for morality as a fish has for a bicycle.

This is all about the elites that govern these institutions - they were embarrassed* by the applicants, and now it's payback time.

----------

*Although, for the life of me, I don't see how this** sort of thing would embarrass a normal person, but that just goes to show you how introverted, self-obsessed, narcissistic, and arrogant these monomaniacal little twits really are.

----------

** i.e. typing a URL into a browser with the hope of finding out information ABOUT YOURSELF - information that, in theory, BELONGS TO YOU. Reminds me of hospital administrators who try to ban patients from reading THEIR OWN CHARTS, as if the medical records belonged to the hospital, rather than to THE PATIENTS THEMSELVES.

Just thinking about these kinds of people makes my skin crawl.

Re:"Morality" and the great academic monolith... (0)

Anonymous Coward | more than 9 years ago | (#12669364)

Your modern-day University autocrat has about as much use for morality as a fish has for a bicycle.

This is all about the elites that govern these institutions - they were embarrassed* by the applicants, and now it's payback time.

If it weren't for the faggot format of your post, I'd totally mod you up. I guess petty requirements extend outside of academia.

Re:If they had been Comp Sci students.... (0)

Anonymous Coward | more than 9 years ago | (#12669238)

CS candidates should have been rejected, because it was obvious that their actions could have been traced.

Remember, the URL fabrication issue was advertised as a "secret hack". Also remember that the system was designed to manage both final decisions AND tentative decisions, and therefore was not actually beneficial to the candidate.

The only moral corruption was (1) the person who posted the information, and (2) the people who knew that they were doing bad.

In any case, it is doubtful that those who looked would have been accepted - the percentage of those who get accepted is amazingly low. You have to have friends in high places AND a killer application to get it.

Re:If they had been Comp Sci students.... (2, Interesting)

Solder Fumes (797270) | more than 9 years ago | (#12669246)

It's because the later you hold off telling students they've been accepted, the less chance a student has of saying "See, I've been accepted to Colleges A, B, and C. Here are the increased aid packages B and C offered me when they heard you accepted me. What can you do to convince me to stay? And what if I get even better offers from the other schools?" I know someone who managed to swing a $40K full scholarship that way.

Time and knowledge can always be used to advantage. Not only might a school end up bleeding out a little more just to keep enrollment up to par, but the students who peeked might be more able to scrounge up the leverage to get a bigger piece of the pie.

Re:If they had been Comp Sci students.... (0)

Anonymous Coward | more than 9 years ago | (#12669059)

They probably want to preserve an image of honesty, fairness and responsibility instead of giving an early impression of the do-what-you-can cut-throat behaviour which many of the graduates will exhibit in their jobs. Also, the only one who really deserves to be applauded is the one who found the url scheme, not the numerous copycats.

Re:If they had been Comp Sci students.... (0)

Anonymous Coward | more than 9 years ago | (#12669066)

But in this case you get what you deserve.

God, I hate this disgusting obedient slave mentality.

Re:If they had been Comp Sci students.... (1)

Znork (31774) | more than 9 years ago | (#12669234)

What, they should be accepted into Comp Sci because they can type in an URL?

I know Comp Sci isn't as popular as it used to be, but isn't that setting the standards a bit low...?

If you are not denied access when you're trying to access data then you can reasonably assume you're allowed to access that data. It's not like they were presented with a big 'permission denied' or 'access strictly prohibited' which they then tried to crack.

From ApplyYourself's website... (0)

Anonymous Coward | more than 9 years ago | (#12669358)

Our team is skilled in the integration of technology and business processes that help maximize both effectiveness and ROI, resulting in a better applicant experience, higher quality applicants, more applicants, quicker decision making, and accurate timely reporting.

The ApplyYourself i-Class decision toolkit satisfies your most anxious applicants and saves your staff time and effort by allowing applicants access to acceptance decisions, through their secure online application account.

Sure sounds like it to me!

Heh (2, Funny)

cloudkj (685320) | more than 9 years ago | (#12669023)

However, none of the competitive applicants 'was able to explain...

None of the posters of this article were accepted into Stanfurd [1] either.
---
[1] The misspelling of the university is intentional.

Re:Heh (0)

Anonymous Coward | more than 9 years ago | (#12669060)

The sentence reads 'None of '. The subject is 'none'. 'None' is singular.
So the correct verb is 'was'.

Re:Heh (3, Informative)

Anonymous Coward | more than 9 years ago | (#12669063)

Subject verb agreement. The subject is none, not applicants.

"None" is a special case of the singular. It should have a singular verb applied to it.

Re:Heh (4, Informative)

Guido del Confuso (80037) | more than 9 years ago | (#12669071)

"None" is short for "not one" and so it uses the singular verb form. The subject of the sentence is "none", not "applicants", so the usage is correct.

http://dictionary.reference.com/search?q=none [reference.com]

Re:Heh (1)

FEEBLE*BMX (695853) | more than 9 years ago | (#12669107)

Shhhhhhhhhhhh!

Somebody mod this nitpicker down.

Re:Heh (2, Insightful)

jwdb (526327) | more than 9 years ago | (#12669179)

Are you sure? "Not one was accepted" I can see, but "None was accepted" just doesn't sound right.

None may very well be singular (and even that is disputed - see your own link), but it refers to a group - can you therefore not use it in conjunction with a plural verb? I'd put it in the class of words like 'they', which aren't singular or plural themselves but get their number from the concept they embody.
It may be the contraction of 'not one', where singular is definitely used, but none is a fully independent word nowadays and, in my opinion, should be viewed separately from its origins.

On the other hand, the 'was' is part of a quote, a situation where normal grammar rules can become warped.

Jw

Re:Heh (1)

bersl2 (689221) | more than 9 years ago | (#12669211)

The indefinite pronouns (http://englishplus.com/grammar/00000027.htm [englishplus.com] ):

Singular: another, anybody, anyone, anything, each, either, everybody, everyone, everything, little, much, neither, nobody, no one, nothing, one, other, somebody, someone, something

Plural: both, few, many, others, several

Singular or Plural: all, any, more, most, none, some

For indefinite pronouns that can be singular or plural, it depends on what the indefinite pronoun refers to.

Correct: All of the people clapped their hands.
(All refers to people, which is plural.)

Correct: All of the newspaper was soaked.
(Here all refers to newspaper, which is singular.)


Well, that example still doesn't explain this.

I love English! :D

Re:Heh (1)

Tim C (15259) | more than 9 years ago | (#12669244)

Does none refer to a group, or to each individual member of the group?

In either case, I think you'll find that "none of the applicants was" and "none of the applicants were" are both acceptable, but the former is definitely correct, even if the latter is.

Re:Heh (1)

jwdb (526327) | more than 9 years ago | (#12669287)

I'd tend to disagree that the 'was' usage is correct.

If you look at the links provided by other posters, it's claimed that 'none' is an indefinite pronoun, both singular and plural. The exact number therefore relies on with which word it is used.
Now, look at the complete subject of the sentence you gave - "none of the applicants". None is used to define a subset of applicants (an empty set, but a set nonetheless) and is therefore clearly plural in this case. This is a side effect of the construction "___ of the ___", which will always produce a plural subject.

As for other constructions; I'm no English teacher, but I cannot for the life of me remember another way to use none in the subject, excluding by itself where the "of the" is implied. If you look at the parent phrase "not one", it can be used in a singular subject of the form "Not one [singular noun]", but 'none' cannot be used in this way.

If the 'was' usage is acceptable, it is clearly only due to past usage and is an exception in the English language.

Of course, if you can find a usage of none as part of a singular subject (as indefinite pronoun, not as proper noun naming the word itself), I'll admit that this is all a load of hogwash.

Jw

Re:Heh (2, Insightful)

Guido del Confuso (80037) | more than 9 years ago | (#12669259)

None may very well be singular (and even that is disputed - see your own link), but it refers to a group - can you therefore not use it in conjunction with a plural verb?

You can if you want--it's an accepted usage as well. I normally wouldn't though. "None was" sounds perfectly fine to me. A lot of things that are correct may not sound right at first--"the data are" for example.

By the way, it's not disputed that "none" is singular. If you read the link carefully, you'll see that both the singular and the plural are accepted usages. My point was that the original poster was trying to nitpick a grammar point that was actually the correct (and, in fact, is generally considered the "more correct") usage.

Re:Heh (1)

jwdb (526327) | more than 9 years ago | (#12669338)

Good point about the original poster, and you're correct about the accepted usage, but for me anything that is supposedly correct but just sounds wrong sets off alarm bells.

I just posted another comment to this thread about how I believe that 'none' cannot be used in a singular manner and thus the was usage is an irregularity in the language left over from 'not one'.
http://slashdot.org/comments.pl?sid=151031&cid=12669287 [slashdot.org]

As for 'data are', isn't that a special case where the singular and plural are the same? "The data is" is correct when referring to a single data set, "The data are" correct when referring to multiple datas. I'd also note that "The data are" is rarely used, mostly replaced by "The datasets are" or some similar word to indicate multiple blocks or sources.

Aah, the irregularities of the English language... Makes life interesting

Jw

Re:Heh (2, Informative)

nacturation (646836) | more than 9 years ago | (#12669087)

In addition to the other posts, it is worthwhile to note that the subject of the sentence is never located within a prepositional phrase. "of the ... applicants" is a prepositional phrase, where a preposition is "of", "on", "in", etc. So this should read "None ... was able to explain", which still sounds rather odd even though it's correct.

CUNTinuing (2, Insightful)

Anonymous Coward | more than 9 years ago | (#12669027)

Yet more of this mindless usage of the word "hacker." Don't people understand that they can use these analytical type people, the ones who actually want to pursue information, to their advantage?

ahh, in some ways i guess this is good...

Re:CUNTinuing (0)

Anonymous Coward | more than 9 years ago | (#12669064)

Con artists and lazy people are analytical as far as exploiting the efforts of others to their own good. Might not be good for an entire organization, but it does show the individual is creative in a self serving way.

Return of the H@x0r (4, Funny)

Anonymous Coward | more than 9 years ago | (#12669039)

Episode VI

RETURN OF THE H@X0R

Applicant-1337 has returned to
his home planet of ParentsBasement in
an attempt to rescue his
friend University Education from the
clutches of the vile gangster
The Big Guy.

Much does Hax0r know that the
HARVARD EMPIRE has controversially
begun construction on a new
armored hax0r-rejection policy even
more powerful than the first
dreaded competitive admission system.

When completed, this ultimate
weapon will spell certain doom
for the small band of hax0rs
struggling to restore freedom
to the interweb....

Re:Return of the H@x0r (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12669088)

Yeah, they weren't nerds. They were business school applicants. You know, the popular ones that always dated the cute cheerleaders in highschool??

So they have no 1337 skillz like we do. They will return to a nondescript apartment at a state university somewhere and study business there. Though they still probably date cute girls, and get an average job somewhere.

Fortunately for us, we have the warm embrace of our parents' basements to return to.

Re:Return of the H@x0r (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12669092)

Fortunately for us, we have the warm embrace of our parents' basements to return to.

You may have said that tongue in cheek, but look at it seriously.

I, for one, would rather have a family that loved me than all the riches in the world.

Re:Return of the H@x0r (0)

Anonymous Coward | more than 9 years ago | (#12669117)

I, for one, would rather have a family that loved me than all the riches in the world

Agreed, unless your mom is angry and wants you to move out.

Hackers is a strong word for them (5, Insightful)

Dancin_Santa (265275) | more than 9 years ago | (#12669042)

They hardly ought to be called "hackers". It's like calling arsonists "pyrotechnicians". Sure, the tools may be the same, but the level of expertise is very different.

Re:Hackers is a strong word for them (0)

Anonymous Coward | more than 9 years ago | (#12669080)

Very true, but it will not be easy for people to escape the names they are given by others, especially when the popular media is involved.

Re:Hackers is a strong word for them (1)

Frnknstn (663642) | more than 9 years ago | (#12669204)

Looking through all the comments posted so far, all I see is uninformed people who didn't read any of the fucking articles, have no idea what a hacker is, or what a website is.

Here is an analogy which is significantly less flawed than the others people have been throwing about:

At each of these universities, there is a big room marked 'Public Access'. It is filled with hundreds of cupboards, with memos, letters, advertising information, application forms and all kinds of documents. People were invited to come, open the cupboards and read the documents they found inside. Some of the documents also told people which cupboards they could look in for more information.

Now somebody pointed out that if you open up certain ones of less well-marked cupboards, you could see if they had processed the forms you had submitted yet. And so, people went and opened those cupboards.

The universities then said, "oopsie, we didn't mean for you to see that!" and said that these people are EVIL for seeing things that they shouldn't.

And that is the long and short of it.

Re:Hackers is a strong word for them (3, Insightful)

ultranova (717540) | more than 9 years ago | (#12669096)

They hardly ought to be called "hackers". It's like calling arsonists "pyrotechnicians". Sure, the tools may be the same, but the level of expertise is very different.

No, it's like calling the guy who lights candles to read by their light a "pyrotechnician with arsonistic tendencies". The word "hacker" implies skill with computers, and when used in place of the word "cracker", a certain amount of malicious intent. Since this incident implied neither, the word "hacker" is inappropriate - and drawing any parallels with these people and arsonists is completely absurd.

Re:Hackers is a strong word for them (3, Insightful)

nacturation (646836) | more than 9 years ago | (#12669160)

But they're not script kiddies either. What if you phoned up the admissions office and sweet talked someone there into letting you know whether or not you got accepted already. Would that be cause for a rejection letter? In effect, they knew what question to ask the webserver in order to get the answer.

What? (1)

AntiPasto (168263) | more than 9 years ago | (#12669050)

They didn't mention the speed at which they typed the new url? I'm *still* asked my WPM on silly web-based forms.

TFM... (5, Insightful)

Viceice (462967) | more than 9 years ago | (#12669054)

"Joss noted that while Stanford was dismayed by the actions of the candidates who tried to gain unauthorized access, it "did not rush to judgment given the limited information available to us initially. By carefully reviewing the file of each applicant involved in these incidents, we upheld the business school's values while treating each applicant fairly. As an educational institution, we hope that the applicants involved in this incident might learn from their experience.""

Sounds more like an attempt by the PR departments to cover their collective legal asses after their PHBs jumped the gun and block rejected applicants on the grounds that they committed a crime that technically isn't. IMHO, their position on the matter is weak.

The students didn't steal passwords, spread a virus or trojan. All they did was akin to manually typing in an albeit complicated URL and accessed data on unprotected public servers.

I wouldn't want to employ those people (1)

samael (12612) | more than 9 years ago | (#12669250)

"All they did was akin to walking up to an unlocked filing cabinet and rifling through it."

If you can't trust staff to not go rifling through the filing cabinets, you don't have much trust around the office...

Re:I wouldn't want to employ those people (2, Insightful)

ConceptJunkie (24823) | more than 9 years ago | (#12669345)

A better analogy would be if the filing cabinets were left out in the parking lot.

If I spray paint my salary on my front door, I can't complain when my neighbors know how much money I make. Even if I do something like "I make $100^2" instead of $10000.

Was it unethical? I'd have to say yes, but who hasn't hacked URL's if for no other reason than to navigate a poorly designed site.

I found an online vendor who put the price in the URL, I was able to put items in my shopping basket for any price I wanted. I didn't try to buy them like that, and I notified both the vendor and the maker of the web commerce package.

Ironically, the vendor did not seem concerned. They figured if someone tried that they would notice.

Re:I wouldn't want to employ those people (1)

grazzy (56382) | more than 9 years ago | (#12669360)

Having tried the above (but only by changing the price slightly), I can say it works just fine ;)
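The price-in-the-URL problem described in the two comments above comes down to the server pricing a basket line from a value the client controls. The following is an added example, not code from the vendor or from anyone in this thread; the catalog, the `sku`/`qty`/`price` parameter names and the `shop.example` URLs are constructed for illustration. It shows the trusting handler beside one that takes only the item and quantity from the request and flags a mismatched client price for review.

```python
from decimal import Decimal
from urllib.parse import urlparse, parse_qs

# Constructed catalog: the server's own record of what each item costs.
CATALOG = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("5.00")}
MAX_QTY = 20


def _params(url):
    """Return the query string as a dict of single values (repeats rejected)."""
    qs = parse_qs(urlparse(url).query, keep_blank_values=True)
    if any(len(v) != 1 for v in qs.values()):
        raise ValueError("repeated parameter")
    return {k: v[0] for k, v in qs.items()}


def add_to_cart_trusting(url):
    """Weak form: the basket line is priced with whatever the URL says."""
    p = _params(url)
    return {"sku": p["sku"], "qty": int(p["qty"]),
            "unit_price": Decimal(p["price"])}


def add_to_cart(url):
    """Hardened form: the request picks the item, the server picks the price.

    Returns (line_item, tampered). `tampered` is True when the client sent a
    price that differs from the catalog, which is worth logging for review.
    """
    p = _params(url)
    sku = p.get("sku", "")
    if sku not in CATALOG:
        raise ValueError("unknown item")
    qty_text = p.get("qty", "")
    if not (qty_text.isascii() and qty_text.isdigit()):
        raise ValueError("bad quantity")
    qty = int(qty_text)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("bad quantity")

    unit_price = CATALOG[sku]          # authoritative, never from the URL
    tampered = False
    if "price" in p:
        try:
            tampered = Decimal(p["price"]) != unit_price
        except ArithmeticError:        # unparsable price text counts as tampering
            tampered = True

    line = {"sku": sku, "qty": qty, "unit_price": unit_price,
            "total": unit_price * qty}
    return line, tampered


if __name__ == "__main__":
    edited = "https://shop.example/cart/add?sku=SKU-100&qty=2&price=0.01"
    print(add_to_cart_trusting(edited))
    print(add_to_cart(edited))
```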

Unfair treatment (5, Insightful)

omega_cubed (219519) | more than 9 years ago | (#12669068)

Quote:

Joss noted that while Stanford was dismayed by the actions of the candidates who tried to gain unauthorized access, it "did not rush to judgment given the limited information available to us initially. By carefully reviewing the file of each applicant involved in these incidents, we upheld the business school's values while treating each applicant fairly...

That's quite a "holier than thou" sneer at Harvard and MIT.

What I am truly surprised by is that none of the schools took action against ApplyYourself as far as I know: rather, the focus has all been on whether the schools took action against the students. I think this plays heavily on the public's fear of "hacking". Just because the applicants peeked using a computer, it suddenly made it such a grave matter.

First, I think ApplyYourself should bear some responsibility for not properly securing their web-app in a way that such an action is possible. For many people (and I'd even venture to say that in public opinion), anything that is accessible by typing a URL into a browser window might as well be published. I don't really think the school has the right to penalize the applicants for accessing information that has been made available to them.

Secondly, this whole business has been blown out of proportion: the students were only able to look at their admission status, and that even hinges on the fact that the schools have already published that information to the website. It is not as if the students were actually "hacking" in the sense of escalating their privilege and modifying their admission status. I just don't think this incident is an accurate enough illustration of their moral fibers to warrant such decisions (though I generally have no sympathy for business school applicants).

Thirdly, I think the whole finding out the admission status thing is more akin to being impatient and calling up the admission office with the knowledge that the drunk receptionist would accidentally let the admission status slip out. So why the applicants were treated so harshly and why the ApplyYourself service was not is really troubling me.

W

Re:Unfair treatment (1)

doofer (852276) | more than 9 years ago | (#12669163)

anything that is accessible by typing a URL into a browser window might as well be published.

I disagree with this.

I know that hackers (script kiddies, Urlers, people with no idea, whatever you call them) can get control over some sites using phpnuke, by typing a special URL into their browser window, allowing total control of the site's content. (In my case it was defacement :( )

Being able to get around sites by typing 'hack' URL's is _not_ getting to stuff that 'might as well as' be published. In theory, web devs shouldn't put important things un-encrypted in the url, but that's not the case, and the fact they do doesn't make it public domain, it just means they can't code.

It's like if your car key worked for a guy's similar ignition, would it be illegal to drive off with his car?

Re:Unfair treatment (1)

krunk4ever (856261) | more than 9 years ago | (#12669203)

It's like if your car key worked for a guy's similar ignition, would it be illegal to drive off with his car?

your analogy is a bit off. it'd be more like me testing my key in your car door to find that my key can unlock your door. although not the best thing to do, especially if getting caught in the act may make you look like a thief, you personally haven't committed any crime. maybe attempted to, but not yet.

the students didn't modify anything on the application result, meaning that they did not steal the car in this case. they just basically peeped inside the car and the parent basically said some of the blame should be put on the car maker for issuing a similar enough key so that you can open other people's door.

this is basically security by obscurity, which is basically not security at all. as the parent also mentioned, the application company (car company in your analogy) should've had more restrictive access.

Re:Unfair treatment (0)

Anonymous Coward | more than 9 years ago | (#12669170)

It reminds me of how some webmasters will go crazy over people linking to their site or part of their site "without permission".

They don't seem to understand that everything is publicly accessible by default on the web, and you have to secure it if it's not meant for the public.

Changing a filename is not the same as securing it. I'm amazed several ivy league institutions would rely on a system made by such clueless people.

Re:Unfair treatment (1)

krunk4ever (856261) | more than 9 years ago | (#12669209)

maybe those students should've hired you to write their essay. or maybe the school was looking for students who were willing to take the blame and accept the responsibility of their act they committed. which route would you have taken?

Getting to the goodies... (5, Insightful)

KingSkippus (799657) | more than 9 years ago | (#12669069)

Good grief. I'm guilty of doing this sort of thing all the time.

I'd never really read about what exactly the applicants did before. If the article is right, all they did was poke around the system with URL munged from information they already had. It's not like they exploited buffer overflows to gain control of the system or anything.

Like I said, I do this type of thing all the time. If I'm on a Web site with content I like and I see a series of URLs named something1.htm, something2.htm, something4.htm, etc., you'd better believe I'm going to type something3.htm in and see what happens. On my own dinky Web sites I have, if I don't want people browsing around the system, I take steps to prevent it, such as making sure the server doesn't allow one to list directories, always having an index.htm file in every directory in case I forget, naming files randomly instead of in series, etc.

And, on top of all of that, as the post above states, all these candidates did was find out information that was going to be disclosed to them soon anyway.

So I gotta ask, what the hell is the big deal here? Why is Stanford being such a hard ass about this? If anyone is to blame here for any significant wrongdoing, it has got to be the company that designed software that so easily gives up unauthorized information. I wonder what Stanford did to seek redress against them. (Probably nothing.)

Re:Getting to the goodies... (3, Informative)

MichaelSmith (789609) | more than 9 years ago | (#12669106)

If the article is right, all they did was poke around the system with URL munged from information they already had.

About five years ago the Federal Government here in Australia introduced a new goods and services tax. Businesses had to register to use the new system and the ATO (tax office) provided a nifty web interface for them to query their account.

One enterprising person changed the account number in the URL and accessed the details of other account holders.

IIRC he called up the ATO and told them he had found a security hole, and exactly how he found it.

Of course, he was charged with hacking the system.

So the Stanford experience is not exactly isolated. For me it is a bit like going to a public office, and trying an unmarked door. It is not your fault if the door is not locked and they can't really charge you with breaking and entering as long as you didn't use the opportunity to commit a crime.

Re:Getting to the goodies... (0)

Anonymous Coward | more than 9 years ago | (#12669162)

"Of course, he was charged with hacking the system."

Note to self: Next time I find a hole like this, I should exploit it rather than mention it..

Way to go, idiots. You've just turned me into a threat rather than a helpful customer.

Only one reply is possible. (5, Interesting)

jesdynf (42915) | more than 9 years ago | (#12669072)

I pledge, the next time I hear of such a possible exploit, to rip as much information from the system as the website gives me permission to retrieve. Every bit of it -- I shall construct scripts, pore over forums, and create a list of possible students whose data I will then attempt to extract.

Additionally, with these links in hand, I shall paste them to random places on the internet, and specific places such as the most likely forums to find such students. I will also disguise their nature and essence, so that users will not know what they click on until it's too late.

So the next time Stanford comes calling, you go ahead and /blame me/. I could've been the one to do it, after all. You don't know I didn't. They don't know I didn't.

Or they could just accept that their own goddamn marketing department creates an illusion of prestige, and that people with a limited amount of time to waste on non-responsive colleges /sitting on/ important information like that are going to want to know who to stop wasting time on, and that if they don't like it they can /fix their fucking permissions/. Do they not know any decent webapp programmers? Who've they been graduating?

They got what they deserve (3, Insightful)

Registered Coward v2 (447531) | more than 9 years ago | (#12669090)

They showed they lack good judgment and a sense of ethics.

I don't want to work with somebody that cuts corners and refuses to play by the rules - what happens when it's a big contract and they decide to "see if we won?" or decide to see if "x is really going to buy Y?"

If I can't trust you to do what is right, I don't want to work with you.

Yes, waiting for B-school admission is a high stress period - but stressful situations is when people's character shows. I can understand HBS and Stanford's stance - they, and their alumni, don't want to be associated with the type of people that will create another Enron.

Overall, they were probably too dumb to get in - from what I saw, the "hack" was a no-brainer - append some code to the end of the URL to hit a page rather than some smart piece of coding; more importantly - didn't they think that there would be alums of schools on the boards that would see the "hack" and let their schools know? And that these alums would know who to talk to so that the school could investigate and take whatever action is deemed appropriate? If one of the "hackers" had been smart, they'd email the Dean of Admissions and ask - "Someone posted this as a way to check admissions status - is it OK if I use it?"

Re:They got what they deserve (1, Funny)

Anonymous Coward | more than 9 years ago | (#12669120)

They showed they lack good judgment and a sense of ethics.

Exactly. It's right that they should be rejected since they already have the skills that business school would teach them.

Re:They got what they deserve (5, Insightful)

ultranova (717540) | more than 9 years ago | (#12669146)

They showed they lack good judgment and a sense of ethics.

Lack of good judgement maybe; but how is it unethical to try to get information concerning yourself ? Or are you trying to imply that Stanford is some sort of ethical authority ?

I don't want to work with somebody that cuts corners and refuses to play by the rules - what happens when it's a big contract and they decide to "see if we won?" or decide to see if "x is really going to buy Y?"

I'd imagine that they would become successful and capable businessmen. After all, the ability to get good information is the cornerstone of making good decisions.

If I can't trust you to do what is right, I don't want to work with you.

Are you sure you aren't confusing moral right with your own expectations of human behaviour ? Because, to the best of my knowledge, there's absolutely nothing unethical in reading information concerning myself, even if someone else is trying to keep it a secret.

Yes, waiting for B-school admission is a high stress period - but stressful situations is when people's character shows. I can understand HBS and Stanford's stance - they, and their alumni, don't want to be associated with the type of people that will create another Enron.

Kindly explain what finding out whether you were admitted to a school has to do with forging accounts ?

Overall, they were probably too dumb to get in - from what I saw, the "hack" was a no-brainer - append some code to the end of the URL to hit a page rather than some smart piece of coding; more importantly - didn't they think that there would be alums of schools on the boards that would see the "hack" and let their schools know? And that these alums would know who to talk to so that the school could investigate and take whatever action is deemed appropriate?

Maybe they made the mistake of assuming that the school would take appropriate action, as opposed to the action it actually took ?

If one of the "hackers" had been smart, they'd email the Dean of Admissions and ask - "Someone posted this as a way to check admissions status - is it OK if I use it?"

How would this have been smart ? These people had no obligations towards the Dean; why would they ask his permission to view information concerning them ?

Re:They got what they deserve (1)

Registered Coward v2 (447531) | more than 9 years ago | (#12669316)



They showed they lack good judgment and a sense of ethics.

Lack of good judgement maybe; but how is it unethical to try to get information concerning yourself ? Or are you trying to imply that Stanford is some sort of ethical authority ?


What matters is how they got the information - they could have called the school and asked for it, for example.

I don't want to work with somebody that cuts corners and refuses to play by the rules - what happens when it's a big contract and they decide to "see if we won?" or decide to see if "x is really going to buy Y?"

I'd imagine that they would become successful and capable businessmen. After all, the ability to get good information is the cornerstone of making good decisions.


Again, there is a right way and a wrong way to get information - people don't expect nor allow others to walk into their office and read whatever they want, even if the door is unlocked.

If I can't trust you to do what is right, I don't want to work with you.

Are you sure you aren't confusing moral right with your own expectations of human behaviour ? Because, to the best of my knowledge, there's absolutely nothing unethical in reading information concerning myself, even if someone else is trying to keep it a secret.


Again, it depends on how you get the information - if someone tells me that you have a file on me in your house, I don't have the right to break in and read it.

Re:They got what they deserve (1)

-kertrats- (718219) | more than 9 years ago | (#12669189)

If I can't trust you to do what is right, I don't want to work with you.

That's assuming that what they did was wrong. I fail to see how it was - the information was there, Stanford had it posted on public pages (granted, the URLs weren't listed, but the fact that they were there at all without any encryption or password required shows that they were available to anyone).

Re:They got what they deserve (1)

Registered Coward v2 (447531) | more than 9 years ago | (#12669286)

That's assuming that what they did was wrong. I fail to see how it was - the information was there, Stanford had it posted on public pages (granted, the URLs weren't listed, but the fact that they were there at all without any encryption or password required shows that they were available to anyone).

That's like saying because you're connected to the internet, and your security isn't 100%, it's OK to take a look at what's on your machine.

The schools told the applicants when they would be informed of their decision, and expected them to abide by the timeline; applying for admission, IMHO, was agreeing to follow the school's timeline and so they should have realized what they did was unethical.

What they did is morally no different than walking through an unlocked door to the admission office, walking unchallenged to a file cabinet and pulling and reading your app. Just because you can do it doesn't make it right.

If the 80's have taught us anything..... (0)

Anonymous Coward | more than 9 years ago | (#12669194)

It's that "a sense of ethics" is indicative of a lack of good judgement.

Re:They got what they deserve (1)

Khyber (864651) | more than 9 years ago | (#12669226)

They did not get what they deserve. In almost any case, this is a practical use of entrapment to disenfranchise a person of the money either they, or their supporting relatives/friends, used to gain admittance into the school, after they had to prove their worthiness of entering.

Now who's more ethical in this case, the students, who believed they were doing the right thing, or the school, who purposely misled them as a way of testing "worthiness" for admission?

I'm sorry, but if I pay to get into a school after I bust my ass, they better accept me and be willing to train me regardless. Either they teach me right from wrong, or they force me to go to the wrong and work against them. Again, it's business sense, and somehow, I have the sinking feeling that not just the school was involved in this little matter.

Re:They got what they deserve (1)

Maestro4k (707634) | more than 9 years ago | (#12669252)

I don't want to work with somebody that cuts corners and refuses to play by the rules - what happens when it's a big contract and they decide to "see if we won?" or decide to see if "x is really going to buy Y?"

Sorry, no, you have the wrong idea here. This would be akin to checking to see if the deposit from a contract had come through yet so that it could be used to do more work. This isn't like they were trying to obtain information they weren't entitled to know. It was them just seeing if they had been accepted or not. Most probably didn't realize they were doing anything wrong. Also knowing if this was wrong or not takes someone much more technically oriented than most business school applicants are going to be. They weren't trying to get into the CS or EE program after all. I don't expect managers to have a freaking clue about security unless they're over IT. Even then I don't really expect it, technical knowledge and management seem to be mutually exclusive things.

Re:They got what they deserve (1)

Registered Coward v2 (447531) | more than 9 years ago | (#12669349)

I don't want to work with somebody that cuts corners and refuses to play by the rules - what happens when it's a big contract and they decide to "see if we won?" or decide to see if "x is really going to buy Y?"

Sorry, no, you have the wrong idea here. This would be akin to checking to see if the deposit from a contract had come through yet so that it could be used to do more work. This isn't like they were trying to obtain information they weren't entitled to know. It was them just seeing if they had been accepted or not. Most probably didn't realize they were doing anything wrong. Also knowing if this was wrong or not takes someone much more technically oriented than most business school applicants are going to be. They weren't trying to get into the CS or EE program after all. I don't expect managers to have a freaking clue about security unless they're over IT. Even then I don't really expect it, technical knowledge and management seem to be mutually exclusive things.


Checking a deposit means you look at your account, which you control, what they did would be more akin to walking into the other company's office and pulling the contract, or finding a way into their computer system to see if a payment had been authorized but not yet made.

My point is how they got the information was wrong - the schools said they'd let them know by a certain date, and they found a back door way to get the information.

If they didn't know what they were doing was unethical, then they have a more fundamental problem of not being smart enough to know when they may be crossing the line.

Re:They got what they deserve (5, Insightful)

Znork (31774) | more than 9 years ago | (#12669266)

"They showed they lack good judgment and a sense of ethics."

Um, no, they showed curiosity and a certain resourcefulness in finding data. Traits I can certainly appreciate in colleagues.

Now, HBS and Stanford on the other hand showed a lack of good judgement and a sense of ethics. Their only concern appears to be to save face because they invested in a crap product that apparently doesn't even have proper access control. To blame some applicants to cover up their own incompetence is pretty low.

"they'd email the Dean of Admissions and ask"

Where do I send my mail asking if it is ok to access www.harvard.edu? Some guy said you could access their webpage if you typed that into your web browser, but I'm not sure I'm allowed to?

If you can access it you can assume you're allowed to access it. It is not customary to be required to ask permission for looking at things in plain view.

Business Ethics 0.99? (1)

Nipok Nek (87328) | more than 9 years ago | (#12669099)

Don't Harvard and Stanford have Business Ethics classes? Presumably, you teach a class to educate people on a subject. But apparently, for these students, the test was administered before the lessons were given. Hurray for Higher Education.

Re:Business Ethics 0.99? (1)

rah1420 (234198) | more than 9 years ago | (#12669129)

Isn't that an oxymoron?

Re:Business Ethics 0.99? (0)

Anonymous Coward | more than 9 years ago | (#12669151)

Isn't that an oxymoron?

No. Business ethics are very important.

Principle 1: Don't get caught (they failed it).

Principle 2: if you do get caught, have a bullet proof excuse ready (they failed it again).

Re:Business Ethics 0.99? (1)

Samedi1971 (194079) | more than 9 years ago | (#12669169)

The lesson learned is Thou shalt not get caught.

Consider it a free course in practical business ethics. And from such a prestigious institution!

culture of zero tolerance (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12669103)

the applicants, for the most part, are still 'just kids' and even as a woefully too well aged adult, I can still relate to the idea that taking a peek at 'hidde' information on a web site is not evil

the proble is not the kids. i's this culture of zero tolerance which the otherwise liberal educational community has latched onto with a fervor one would normally expect from religous fanatics.

back when i was attending college the attitudes were different. administration had a 'boys will be boys' attitude and was more concerned with helping us understand why certain activites were not acceptable, rather than striking us down like Zeus on the maountain.

Based on the information I've encountered regarding this mess, there seems to be an extreme level of self righteous bigotry on the part of the 'adults'.

Or perhaps they are just too lazy to do their job of education.

Re:culture of zero tolerance (0)

Anonymous Coward | more than 9 years ago | (#12669112)

apologies for missing characters. i'm afraid it's time for a new keyboard.

Re:culture of zero tolerance (0)

Anonymous Coward | more than 9 years ago | (#12669282)

apologies for missing characters. i'm afraid it's time for a new keyboard.

Sorry, that's just unacceptible.

URL "hacking" court case (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12669115)

Reuters were accused of hacking when they guessed the URL of an upcoming interim report from Swedish IT consulting firm Intentia. There's a Wired article about the incident [wired.com] .

Admit Them (1)

FEEBLE*BMX (695853) | more than 9 years ago | (#12669122)

Isn't the school looking for students who are smart enough to work their way around a problem? They should admit everyone who was able to find their way into the system. I guess they'd rather have students who just blindly do whatever they've been told.

Re:Admit Them (0)

Anonymous Coward | more than 9 years ago | (#12669154)

"I guess they'd rather have students who just blindly do whatever they've been told."

Yes; They will be prepared for american society :)

No need for people who can actually think.

Re:Admit Them (1)

mick_S3 (871725) | more than 9 years ago | (#12669187)

Their first assignment: Fix the piss poor implementation that exposed sensitive information to unauthorized users.

Come on, this is stanfords own fault (4, Insightful)

donscarletti (569232) | more than 9 years ago | (#12669123)

It is sad that most decision makers don't understand what "hacking" actually is. A security breach that allows information to be extracted is simply a process of asking for information in the right way. Whether they like it or not, their own computer told these applicants what they wanted to know because of a simple trick of asking the right question. Their computers were not told to protect the information and so it blabbed to these students as soon as it was cued. This particular hack is analogous to walking to a front desk and asking the receptionist the hypothetical question: "imagine for a second that today was the Sunday two weeks from now, now in that situation, what would you tell me about my Stanford acceptance?" and getting a reply. In that situation the result would be the receptionist that was fired, not the questioner getting punished, I don't see why it should be any different for its electronic analogue.

Of course no institution should be forced to accept students it doesn't want to, but morally speaking, these students have done nothing wrong. There are many immoral things one can do on a computer: sabotaging other people's systems, destroying other people's data among others. But finding out personal information by asking a gullible computer the right question is perfectly understandable. If Stanford want this data safe, they should fix their computers so it protects the data. Computers are remote controlled and pretty much do what they're asked to do. One wouldn't leave a priceless Monet strapped to a remote control truck that every kid with a toy car can control, so why do people complain about their loose lipped computer squealing numbers to some kid who knows how to use a URL bar? The sooner people see computers for what they are: devices that are told what to do by more people than they should and forget about the whole trespass on private land metaphors, the sooner people might take some responsibility about dumb machines being given too much information. They probably will end up a lot safer in the long term. It really makes me mad when people blame others for exploiting their own gullibility.

Re:Come on, this is stanfords own fault (1)

Otter (3800) | more than 9 years ago | (#12669341)

They understand your notion of ethics -- they're simply saying that they don't want students who hold that notion.

I've been somewhat sympathetic to the students, who didn't do anything that was that blatantly inappropriate. But seeing the reasoning people deploy in their defense is making it clear why the universities decided that the offenders were facing a test and failed it.

For example, let's say (and this happens constantly) a vendor mistakenly faxes sensitive information to us instead of to the correct client, one of our competitors. According to your logic, this is even more legitimately obtained information than the acceptance information, right? We didn't do anything -- it just appeared in the machine. We don't want people with that attitude working here because 1) they put the company at legal risk and 2) if they can rationalize screwing other people, they'll rationalize screwing us.

Re:Come on, this is stanfords own fault (2, Insightful)

Xugumad (39311) | more than 9 years ago | (#12669348)

Actually, if they had got the same information from the secretary, I would expect them to be punished. It's reasonably obvious they shouldn't have the information, and getting it through trickery is wrong. If they'd simply asked the secretary "Have I been accepted?", and they'd mistakenly told them, that would be different, of course.

I hate this idea of "It wasn't protected enough, so it's okay". Yes, the website screwed up, but that doesn't mean it's right for the students to have accessed a page they were not meant to.

Having said that, Stanford really need to make sure the people managing the website realise what went wrong, and why, and never make the same mistake again. There are too many coders out there who don't get simple ideas like verifying user input (let alone the input of hidden fields), and that needs to change.
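As an added illustration of the missing check this thread keeps returning to (it is not part of any comment above and is not ApplyYourself's actual code): a handler that trusts the record id taken from the URL, next to one that ties the record to the logged-in session and to the release date. The `/decision?id=` URL shape, the `Decision` and `Session` types, and the sample records and dates are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Decision:
    applicant_id: int
    status: str
    release_on: date  # first day the applicant is meant to see the result


@dataclass(frozen=True)
class Session:
    applicant_id: int  # set by the server at login, never read from the request


# Constructed sample records, keyed by applicant id.
DECISIONS = {
    1001: Decision(1001, "admit", date(2005, 3, 30)),
    1002: Decision(1002, "deny", date(2005, 3, 30)),
}


def _requested_id(url: str) -> Optional[int]:
    """Return the single numeric ?id= value, or None if it is malformed."""
    values = parse_qs(urlsplit(url).query).get("id", [])
    if len(values) != 1:
        return None  # missing or duplicated parameter
    raw = values[0]
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        return None
    return int(raw)


def decision_page_unchecked(session: Optional[Session], url: str) -> Tuple[int, str]:
    """Weak form: login is required, but the id in the URL is trusted as-is."""
    if session is None:
        return 401, "login required"
    record = DECISIONS.get(_requested_id(url))
    if record is None:
        return 404, "not found"
    # No ownership check and no release-date check: any logged-in user who
    # edits the URL gets any stored decision, before it is released.
    return 200, record.status


def decision_page_checked(
    session: Optional[Session], url: str, today: date
) -> Tuple[int, str]:
    """Hardened form: authorization is decided server-side on every request."""
    if session is None:
        return 401, "login required"
    rid = _requested_id(url)
    record = DECISIONS.get(rid) if rid is not None else None
    # Same answer for "no such record" and "not your record", so the
    # response does not confirm which ids exist.
    if record is None or record.applicant_id != session.applicant_id:
        return 404, "not found"
    # The applicant's own record stays closed until the release date.
    if today < record.release_on:
        return 403, "decision not yet released"
    return 200, record.status


if __name__ == "__main__":
    me = Session(applicant_id=1001)
    early = date(2005, 3, 1)
    for target in ("/decision?id=1001", "/decision?id=1002"):
        print(target, decision_page_unchecked(me, target),
              decision_page_checked(me, target, early))
```

Logging the 403 and 404 outcomes of the checked handler, with the session's applicant id, also gives the operator a record of who requested what and when.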

User agreement? (1)

l33td00d42 (873726) | more than 9 years ago | (#12669130)

These folks had to be logged in to access the info. Did they agree to a user agreement that said something about attempts to access information they aren't intended to have access to? If not, I say all bets are off and the students exhibited no dishonesty--especially since nothing was "stolen" except innocuous information. If they did accept such an agreement, I would say their actions were dishonest.

Re:User agreement? (1)

Khyber (864651) | more than 9 years ago | (#12669255)

Fully agreed. If it's not listed in the TOS, it's not applicable by law. Therefore, the university has no legal right/obligation to deny these students admission into the program, regardless of whether it was a setup or not.

The only question remains, will these students file a lawsuit for unlawful discrimination, when technically nothing has been done wrong?

Ridiculous (1)

raxxerax (673428) | more than 9 years ago | (#12669134)

These students did nothing wrong. Typing in a URL and reading the web page returned is equivalent to calling ApplyYourself on the phone, asking for the results and listening to the answer. If they weren't supposed to have the results, it was ApplyYourself's responsibility to make sure that answer was "Sorry, you can't have that information."

-Raxxerax

White/Grey/Black Hats..... (1, Interesting)

Khyber (864651) | more than 9 years ago | (#12669158)

So.. these universities' reasons for not accepting/training potential white hats is because of what they did in the first place to prove a point?

Not only does this sound idiotic, but this gives the potential "good guys" more reasons to be "bad guys" (AKA Black Hats.)

The best course of action would be to accept these students, train them in the ways of ethical hacking, then give them a degree and place them in a field where they would be useful (There are many subdivisions of White Hats/Grey Hats/Black Hats, depends on the subject matter/programming language.)

By not accepting these bright minds, and giving them the education/tools they need for a decent and "acceptable" life, not only are they throwing away the security of the next generation, but IMHO, they're encouraging the proliferation of a more negative generation of problems. While, to some point, this may be economically sound (Can't have good hackers without bad hackers, right?) I fail to see how in the short term (our current generation's economy) where this will be beneficial. These people will to some degree inherently cause problems for us if they don't have the ethical presence of mind to know what's "Good" hacking and "Bad" hacking.

Again, I cannot stress how much Steven Levy's "Hackers" should be a guiding book for these pupils. They'll learn exactly the original and "true" reasons for hacking. Information must remain public, asides that which is detrimental to any or many members of our society. Were this book a piece of core curriculum for college students, we'd have less problems as it is now, notwithstanding other unethical hackers from the USSR or China, or the Philippines.... (No, I'm not just listing those out of spite, they're the proven most common occurrences of unethical hacking recorded as far as countries go.)

Poor Judgement or Hacking? (1)

lord_lyrabas (802870) | more than 9 years ago | (#12669171)

Poor Judgement is a possibility here for sure. However, "hacking" is just plain crazy. They didn't hack anything and I agree with most of the postings that say that if anything, the schools should be going after the web people for creating such an insecure system. Did the schools prove beyond a reasonable doubt that the students were the ones that actually looked at the admissions status? Maybe it was someone else. If the students wanted to, I think they each may have a good case for going after the schools for libel and defamation of character lawsuits. Forcing the school to either "put up or shut up." Sounds like they were made examples of in the harshest of ways. And that just isn't right. The way the school handled the situation makes me wonder about its own ethics.

In a litigious society... (1)

longword (2293) | more than 9 years ago | (#12669186)

How long before a rejected student takes legal action against a school, ApplyYourself or both?

Petty and ridiculous (0, Troll)

kernelpanicked (882802) | more than 9 years ago | (#12669190)

This is pathetic. First, it's not hacking if you give away login information in your source code. It's really shitty coding. Of course why would Stanford want students who have expressed an ounce of give a damn about getting admitted, when they can have the same pathetic bunch of rich tards year after year.

---
You failed to confirm you are a human. Please double-check the 7-letter image and make sure you typed in what it says.
Fuck off Slashdot

Stanford's liability? (2, Insightful)

Sam Nitzberg (242911) | more than 9 years ago | (#12669256)

Although the prospective students have been penalized by Stanford, there is something that I don't quite understand.

It seems that Stanford made this information (acceptance status) available by entering a (guessable) address.

Until this information was issued formally to the student, Stanford apparently considered this information confidential.

By not utilizing an effective password / security system, Stanford then effectively made this information publicly available.

One could argue that any student would have a right / entitlement to know what information on himself / herself was being made publicly available - especially if the information were supposed to have been confidential.

It is arguable that Stanford effectively violated the privacy of the students, but is prepared to punish the (prospective) students for obtaining the information it made publicly available.

Re:Stanford's liability? (1)

t_allardyce (48447) | more than 9 years ago | (#12669334)

In the US you don't have that right.

Sort out the mediocre ones (1)

mnmn (145599) | more than 9 years ago | (#12669321)

So only the 'best' hackers are allowed into Stanford, ones who weren't caught?

Their choice? (1)

t_allardyce (48447) | more than 9 years ago | (#12669329)

The issue is that Stanford regards this as the equivalent of being asked to wait at an office while someone is away and quickly taking a peek at the list of results lying on their desk. They clearly expected reasonable privacy and you knowingly violated that privacy, now imagine if that list was turned over face-down, or if it was in a folder or a drawer, the violation would be even clearer. Translating this to the Internet is hard and debatable: the user was 'logged in' (aka invited into the admissions office), the information should have been secured, but then the piece of paper should at least have been turned face down or put in a drawer. If they hadn't been logged on it would have made a slight difference, at the end of the day, both parties are in the wrong - Stanford failed to use basic security and the students took advantage of that failure. Typing a URL should never be illegal, but the actions you choose to make in front of people who will decide your admission to a university will obviously affect their decision, if you told them to fuck themselves would you expect to be accepted?

Look (2, Insightful)

MotorMachineMercenar (124135) | more than 9 years ago | (#12669352)

I know cheating is something of a sport these days, often performed almost competitively and without second thought to ethics. But when all the highest rated replies to this story are people defending the actions of those students who gained unauthorized access to that information, that's too much.

What these (prospective) students did was wrong. Period. They willingly and knowingly gained unauthorized access to information that was not theirs to access. I generally hate analogies but here goes: if these students found a key to their professor's room and snuck in to check on their exam results, do you think there'd be a furor as to whether they are guilty of cheating or not?

Now, whether that access gives them an unfair edge like cheating in exams does is irrelevant. Also, whether these students knew they were "hacking" or not is irrelevant. I am positive every single one of them knew of how the status of their application was to be informed to them, and I'm positive that didn't include manipulating the URL or getting instant messages from friends about how to do it. Just the act of getting access to these records is the offense.

The conclusion is that these students deserved the punishment they got. I am also very happy to learn that there are other schools than my alma mater which take honor of their students (and faculty) seriously.

I'm afraid the reaction to this story on /. is a reflection of the corrupted morals of western nations (and increasingly elsewhere). For many of you cheating through life is an easy way out and a deliberate choice, but I know I will be a better man if I go through my life honorably.

They're obviously MBA material! (0)

Anonymous Coward | more than 9 years ago | (#12669368)

MBA applicants. Unethical behaviour. Don't admit them, just hand them diplomas!