Surprising Security Breach: Unauthorized Editing of MIT College Applications


Discussion Overview

The discussion centers around a reported security breach involving unauthorized access to the editing area of a college application for MIT. Participants explore the implications of this incident, particularly concerning the security of personal information and the potential for similar vulnerabilities in the system.

Discussion Character

  • Exploratory, Technical explanation, Debate/contested

Main Points Raised

  • One participant describes experiencing unauthorized access to another student's application without needing a username or password, raising concerns about MIT's security measures.
  • Another participant suggests that the issue may stem from a session variable mixup, expressing surprise that such a problem could occur on MIT's site.
  • A third participant humorously questions the likelihood of similar security issues occurring elsewhere, indicating a broader concern about the reliability of online application systems.
  • Another participant speculates on possible technical explanations, including issues related to NAT devices or man-in-the-middle attacks, and questions whether the incident was reported to the server administrator.

Areas of Agreement / Disagreement

Participants express concern about the security implications of the incident, but there is no consensus on the exact cause or the likelihood of similar issues occurring in the future.

Contextual Notes

Participants mention various technical possibilities for the breach, including session management issues and network configurations, but do not resolve the underlying causes or assumptions regarding the incident.

Tom McCurdy
I was working on filling out my college application for MIT when I had timed out... so I went back to the site and hit undergrad admissions... and voila, without typing in a username or password I was in the editing area for a student in California I have never met. How is it possible that I was able to not only view some random person's application but also had editing capabilities (although I did not touch his application in any way)? It really surprised me to find MIT to have such an error-- it also made me worried for security purposes about my application.
 
Uh oh. Sounds like a session variable mixup. I am surprised that happened on MIT's site.
 
lol

If this happened to me, what do you think the odds are of other problems similar in nature?
 
That's bad :) especially for an IT dept's site... Sounds like that server needs some love and care!...

I wonder how that could happen... Unless you were both coming in from the same IP address (behind some NAT device) and either someone was MITM attacking and messed up, or the NAT device's port allocation table was messed around with/messed up...

Strange how you could get someone else's session.

Did you report that to the server admin?
 
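As an added illustration of the "session variable mixup" hypothesis raised in the thread (example code written for this page, not code from the thread or from MIT's system), the two handlers below contrast a server that keeps the logged-in user in process-wide state, so a timed-out visitor can be handed whoever logged in last, with a per-session store keyed by an opaque cookie token that treats an expired or unknown token as "not logged in" rather than falling back to another user. Applicant names, data and the session lifetime are constructed.

```python
"""Session mixup: process-wide 'current user' vs. per-session lookup (constructed demo)."""
import secrets

# Constructed sample data: two applicants, no real identifiers.
APPLICATIONS = {"alice": {"essay": "draft A"}, "bob": {"essay": "draft B"}}

# --- Vulnerable pattern: one server-wide slot for "who is logged in" ---
current_applicant = None  # shared by every request this process handles


def vuln_login(username):
    global current_applicant
    current_applicant = username  # last login wins, for everyone


def vuln_edit_page():
    # Whoever calls this sees whatever login happened most recently,
    # whether or not it was theirs.
    return current_applicant, APPLICATIONS[current_applicant]


def interleaved_requests():
    """Alice logs in, Bob logs in, then Alice reloads her edit page."""
    vuln_login("alice")
    vuln_login("bob")
    return vuln_edit_page()[0]  # Alice is shown Bob's application


# --- Hardened pattern: opaque token -> per-session record with explicit expiry ---
SESSIONS = {}
SESSION_TTL = 1800  # constructed: seconds of inactivity before the session is dropped


def safe_login(username, now):
    token = secrets.token_urlsafe(32)  # unguessable, never derived from the username
    SESSIONS[token] = {"user": username, "expires": now + SESSION_TTL}
    return token  # would be set as an HttpOnly, Secure cookie


def safe_edit_page(token, now):
    sess = SESSIONS.get(token)
    if sess is None or sess["expires"] < now:
        SESSIONS.pop(token, None)
        return None  # caller redirects to login; never substitutes another user
    return sess["user"], APPLICATIONS[sess["user"]]


def safe_scenario(now=1000.0):
    """Same interleaving as above, plus Alice returning after her session timed out."""
    a, b = safe_login("alice", now), safe_login("bob", now)
    return safe_edit_page(a, now), safe_edit_page(b, now), safe_edit_page(a, now + SESSION_TTL + 1)
```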
