Jarrett House North :— OK after all my rants and various philosophical concepts the actual instructions for the student URL re-direction in the Harvard scandal is revealed here on the PowerYogi site. Reader/blogger Tim Jarrett sent me the link. Jarrett also takes a hard line approach to what I’d now call a script kiddy violation or simple curiosity. But, if indeed, there was a complex and dubious procedure then there may be some justification for complaint. In this case the indication is that the students should have known this was traceable. Making such an error shows bad judgement.

I still think the colleges should have sut up and not showboated and exposed the fact that they were using flawed software. And I’m still not convinced this can be considered “hacking” in any real sense. But I now retract my earlier comments and criticisms made today.

From Jarrett’s Blog:

So the question is, could people have been tricked into looking at their records, as Kreisberg suggests? Answer: probably not. Following the directions to get the ID values should tip the applicant off that they’re going to see something they shouldn’t be seeing. And I don’t think it would be common for people to share out their user IDs and PINs for their online applications, so the odds of someone else checking your application status without your knowledge are pretty slim.

Bottom line: I think Sloan and the other business schools involved should take a hard line on its applicants files who were compromised as well.



  1. Ima Fish says:

    John, I don’t see how this is bad news for student. There was still no hacking involved. Do you really think that using source view is hacking?!

    If that’s the case, I’m hacking quite often. Everytime I want to download a Quicktime movie, e.g., instead of simply watching it, I go to source view and find the actual link to the file. That’s hacking?!

    And once again, does modifying the url in a browser constitute hacking. I sure hope not, because if so I hack quite often.

    To view a webpage, your browser downloads it to YOUR system. Thus, the “id=1234567” information resides IN YOUR SYSTEM’S CACHE!!!! Are these students hacking their own systems, because they sure in heck aren’t hacking the schools’ systems to get that “id=1234567” information.

    There is just no way in heck this type of behavior is hacking. As far as I’m concerned, any information someone can see in source view is already on your on computer and is open game.

    I’ll say it again, these systems are flawed, and instead of admitting it, they’re blaming in on “hacking” knowing full well that the vast majority of citizens have no idea what hacking involves.

  2. Thomas says:

    I’ll buy that we are in a fractionally grey area here, but I still say that dumping the admissions for these students based on this is way too extreme. We are talking about their future begin jeopardized because of curiosity and bad website design.

    This hard line approach smacks very much of the DMCA approach. “Even if we leave the door wide open, if you look you can be arrested.” IMO, the onus should be on the website designer to not leave the door open in the first place.

  3. Chris Gregg says:

    I think you’re both missing the point here. The applicants willfully tried to find out admissions selection information before the school sent them their letters, and that is an ethical wrong. It is a perfect analogy with the kid getting his hand caught in the cookie jar: the cookies may be freely available by lifting off the jar, but they aren’t available until mom says so (after dinner!).

    I almost wish the B-schools said, “We did this to see if you were ethical or not! You’re not…goodbye!”, although at the same time I’m not a fan of entrapment. 🙂

  4. Milo says:

    Yes this whole thing has a top down elitist quality to it. “Impudent fools you aren’t just viewing source here you are viewing Harvard source! Remove the applicants! All of them!”

  5. meetsy says:

    sut up?

  6. RB says:

    Sut up = Being quiet 🙂

  7. jon says:

    I think you’re both missing the point here. The applicants willfully tried to find out admissions selection information before the school sent them their letters, and that is an ethical wrong

    OR, were just poking around, as many do on websites, by removing some stinking words from the URL.

    if these guys are treating this as such a hacking undertaking, you’d think they’d admire their “cleverness” as well.

    if you want to know the average internet guy on the street’s take–harvard is coming off as idiotic.

    j.


0

Bad Behavior has blocked 4639 access attempts in the last 7 days.