Hacking applicants turned down by Stanford

[exequor]

Stanford, CA, May. 31 (UPI) -- California's Stanford University has rejected 41 prospective students for following a computer hacker's advice to check admissions status.

The students had been seeking entrance into Stanford's Business School with the goal of a master's of business administration, but all have been denied admission, the San Francisco Chronicle reported Tuesday.

The applicants allegedly followed the advice of a person who hacked into computer system that stored application information for several colleges and universities. The applicants were able to see only their own information, some of which was incomplete when the hacking occurred in March, media reports at the time stated.

The schools involved said they considered the checking an ethics violation.

Dean of the Graduate School of Business Robert Joss said each of the applications was considered individually, however, none of the prospective students could offer a good explanation for taking the hacker's advise.

I still don't get the reason for turning down their applications, maybe if they did something to influence their admissions decision I would understand.

 

[Evo]

I still don't get the reason for turning down their applications, maybe if they did something to influence their admissions decision I would understand.

Because hacking into the school's computer system is unethical, at the very least. Not to mention dumb.

 

[Pengwuino]

Because hacking into the school's computer system is unethical, at the very least. Not to mention dumb.

exactly! And besides! The business world can't have its good name tarnished by introducing such unethical people into the bloodline ;)

 

[Evo]

exactly! And besides! The business world can't have its good name tarnished by introducing such unethical people into the bloodline ;)

These people got caught being unethical before even getting started, they'd never stand a chance in business.

 

[Pengwuino]

haha... who knows, maybe their action would have qualified for course credit if they hacked someone else :D

 

[dduardo]

I think it is the web developers fault for allowing this to happen. It would be completely irresponsible to not have some type of effective timestamp that prevents a page from generating before an acceptable time. This is basic security 101.

This happens all the time with corporate press releases. For example if a company has their press releases as such:

http://www.companyA.com/pr/release-2005-05-24.html

I don't consider it hacking or unethical if I try entering dates in the future such as:

http://www.companyA.com/pr/release-2005-06-24.html

 

[Pengwuino]

I think its the hackers fault for hacking in

 

[Hurkyl]

I think it is the web developers fault for allowing this to happen.

And it's the homeowner's fault for leaving his door open, allowing people to steal his stuff too, eh?

I don't consider it hacking or unethical if I try entering dates in the future such as:

Same analogy. (I'm feeling lazy!)

 

[Jameson]

Stanford looked bad and needed to do something to take away the attention. If they had allowed the students to attend their school it would be like inviting hackers from all over the globe to take a stab at Standford.

 

[exequor]

The applicants more or less took advice from a hacker (I know that is no excuse). I don't think what they did was right either but I'm sure if every one of you on this board come across some website one day that had information about the future, most of you would stop and read every single line.

Let's say that you came across some government website showing all the lucky people that won't be taxed, would you look? I'm dying to see who replies and says that they won't.

 

[Hurkyl]

Why would I?

 

[dduardo]

And it's the homeowner's fault for leaving his door open, allowing people to steal his stuff too, eh?

If you leave your Aston Martin in a bad neighborhood with the doors unlocked and the keys in the ignition, then your an idiot. All I'm trying to say is that there should be a level of accountability on the part of the company writing the software.

Also, what's so wrong about knowing if you got accepted or not? It's not like your changing your admission status.

 

[Huckleberry]

As a citizen the government is responsible to me. It is my right to view my public records. Stanford is a private university. Their records belong to them, not prospective students. The students cheated and got caught. Maybe their ethical violation was that they couldn't come up with a convincing lie. They'd never make it in the business world anyway.

Deny, deny, deny. "My mom must have done it because she was anxious for me." "The hacker did it." "What are you talking about? Did I get in?" "I'll sue unless you can prove I did it."

 

[Evo]

If you leave your Aston Martin in a bad neighborhood with the doors unlocked and the keys in the ignition, then your an idiot. All I'm trying to say is that there should be a level of accountability on the part of the company writing the software.

Yes, they should have better security, but that doesn't making hacking ethical. And why do we all need security? Because of unethical people.

Also, what's so wrong about knowing if you got accepted or not? It's not like your changing your admission status.

Ok, let's say that you've applied for a job at XYZ company and some hacker tells you how you can break into XYZ company's computer and see the status of your application. XYZ finds out what you've done and decides not to hire you. Can you guess why?

 

[Evo]

As a citizen the government is responsible to me. It is my right to view my public records.

Tried hacking into the IRS website to check your tax status lately?

 

[dduardo]

First its cracking, not hacking.

Second of all, they aren't breaking into any computers and trying to gain privilege escalation. They are simply manipulating the url string. For all I know some 3rd party javascript from a sketchy site changed the url.

Url modification is hardly cracking. Stanford just doesn't want to look bad in light of the current identity theft mess (LexisNexis, etc). They are just trying to cover their behind. You know there are people out there asking "If they can easily find out their admission status, what else can they find out?(SS Numbers, Addresses, etc of other people)"

It also doesn't help that the media is sentationalizing this story.

 

[Evo]

They accessed information which did not belong to them and had no authorization to view. They got what they deserved.

Let's change the scenario from computer to real life. I want to check on my application status so I go to the admissions office, the door is closed, but unlocked, (or closer to the computer scenario, the door is locked, but I found the key on the secretary's desk) I let myself in, no one is there, I start going through the filing cabinets looking for my application status, the administrator walks in and finds me. They decide that my behavior is unethical and dismiss my application.

The students didn't want to wait. Well who does? Sorry, I do not feel sorry for these students, they took a chance (for a really stupid reason) and got caught. There is just no way you can look at this and say they were within their rights to do it. They displayed immaturity and lack of restraint.

 

[Huckleberry]

Tried hacking into the IRS website to check your tax status lately?

I can barely operate a computer, nevermind try to hack or crack. But I still think I should have the right to view my own information. I think the government is wrong in this case.

 

[Evo]

I can barely operate a computer, nevermind try to hack or crack. But I still think I should have the right to view my own information. I think the government is wrong in this case.

Your tax information is available online, without hacking.

 

[Huckleberry]

Your tax information is available online, without hacking.

Ok, now your just playing with me.

 

[Evo]

Ok, now your just playing with me.

Well, except your information, that they're withholding.

 

[Huckleberry]

Not very sporting to go after small game. You really need more of a challenge. My 8 year old niece probably knows more about computers than I do. I'm such a luddite.

 

[dduardo]

"No material from these pages may be copied, reproduced, posted, transmitted, or distributed in any way, except that you may print or download on any single computer one copy of the materials for non-commercial use only, provided you keep intact all copyright and other proprietary notices."

If ApplyYourself.com is KNOWNINGLY putting information on their website, don't they expect people to view its content, especially if no password is required? Based on the legal notice people visiting the site have every right to download a copy of the material being hosted on the site for noncommericial purposes.

Let me ask you this: Is it unethical for a google bot to index and cache a page which was not specifically denied in robots.txt?

You can't compare url modification to breaking and entering just as you can't compare robbing a music store to downloading a copy of music off the web. In the real world you deal with physical property while on the net you deal with intellectual property. Two different beasts entirely.

 

[exequor]

I'm saying it again, I don't think what they did was right but think about it. Most universities allow students to check their admission status (thats what the applicants did). It's true, if Stanford wanted them to do that they would have put a link on the site, but I think the university has to take some of the responsibility because they should know that students may have other plans too.

And I think the story is exagerrated because this is not even hacking, think about this, I can do a WHOIS search for a particular IP address, you may not want me to look up your IP address, so what are you saying, I'm being unethical (this may be a bad analogy). Bottom line, they did not do anything to their advantage, they simply viewed information. If I saw the PS3 three months before E3 am I being unethical?

 

[Hurkyl]

If you leave your Aston Martin in a bad neighborhood with the doors unlocked and the keys in the ignition, then your an idiot.

Certainly. That doesn't mean it's not a crime when someone steals it.

All I'm trying to say is that there should be a level of accountability on the part of the company writing the software.

Whether you were trying or not, you also said the students were blameless.

 

[Minorail]

Is Stanford famou sin us, i never heard of it fame in asia. here we heard only of mit and berkely, and perhpas another is Usc. i tell truthfully.

 

[Minorail]

i only wonder why such an infamos school is having people applying for buz, some other like mit, berk isn't better better. graduate always easier then undergraduate.
and those graduates only concetrte on a special subject, some are even unable to clearly state reason why assembly is not used for making sofware. blive me.
If some professor from stanforx are here,please check this out with all of your graduate student to see if i am correct. , espeially those who specialise in software development.

 

[Pengwuino]

@Minorail

Stanford is one of the top universities in the United States.

@Topic

Does anyone know if this was a hack or a simple url change?

If any security was bypassed, that's completely unethical. If they simply changed urls and had full intent of viewing their application, that's still unethical but a lawyer would be able to convince you differently.

 

[franznietzsche]

Yes, they should have better security, but that doesn't making hacking ethical. And why do we all need security? Because of unethical people.

Hacking is perfectly ethical. Cracking on the other hand... </being an ass>

 

[franznietzsche]

Is Stanford famou sin us, i never heard of it fame in asia. here we heard only of mit and berkely, and perhpas another is Usc. i tell truthfully.

The only difference between Stanford, MIT, and Berkely is that Stanford gives everyone a 4.0 (not really, but their grades are notorioualy inflated, medical schools ignore GPAs from Stanford altogether, or so I've been told (Of course, it was a Berkely alumn who told me this so...meh).